Is PD component has any authentication method to limit databases that Spark can access?

Question

Is PD have any authentication method to limit databases Spark can access? because if someone know my PD address, they can use TiSark to connect to TiDB and query on my databases.

I have setup a TiDB cluster, then I add a new user, I connect to TiDB by new user and create a new database. When I use Spark to connect to TiDB through PD, I call "show databases" and it return all my database include new database I have created by new user.

My spark session is:

val _spark = SparkSession.builder()
      .master("spark://127.0.0.1:7077") //local[*]
      .config("spark.tispark.pd.addresses", "127.0.0.1:2379")
      .config("spark.sql.extensions","org.apache.spark.sql.TiExtensions")
      .appName("SparkApp")
      .getOrCreate()

I wonder if someone know where are my PDs is, they can hack to my databases. I have read TiDB document carefully but no where mentioned about it.

score 0 · Answer 1 · answered Jul 29 '19 at 06:12

PD does have one, it's TLS authentication. The following link describes how to enable TLS authentication in the TiDB cluster. https://github.com/pingcap/docs/blob/df2a250b463079a35143ef913198732d4c6be5dd/v2.1/how-to/secure/enable-tls-between-components.md

Is PD component has any authentication method to limit databases that Spark can access?

1 Answers1