Kimahriman commented on PR #49107: URL: https://github.com/apache/spark/pull/49107#issuecomment-2638358679
> Oops, sorry you're correct. We enabled it in Spark specifically yes. WIthout a default mechanism to authenticate to the connect server, this seems like a massive security vulnerability then, right? > Yes, we should also use ephemeral port. We're doing it when we running it locally in some cases, e.g., pyspark shell with --remote local (see DefaultChannelBuilder.default_port) Yeah saw that, should an ephemeral port just always be used for the auto launching of the local server? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: reviews-unsubscr...@spark.apache.org For additional commands, e-mail: reviews-h...@spark.apache.org
