Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

CML Python Package Installation Security

avatar
author-rank phir1
Explorer

Created ‎01-05-2024 04:24 AM

Hello,

I've noticed how the CML Terminal lets you install Python packages on the 'Net using pip.

(A gcc compiler is even available!)

Isn't that a security risk?

Is there a way to only allow package installation from an in-house repository?

Many thanks.

683 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank Gopinath author-rank
Expert Contributor

Created ‎01-08-2024 02:22 AM

pip index url can be configured as an admin environment variable, but users can override the same with the project environment variable or manual override.

utmost way is to make the cluster air gapped. As long as the cluster has internet gateway, sessions can reach internet to pull the packages

View solution in original post

655 Views
0 Kudos
1 REPLY 1

avatar
author-rank Gopinath author-rank
Expert Contributor

Created ‎01-08-2024 02:22 AM

pip index url can be configured as an admin environment variable, but users can override the same with the project environment variable or manual override.

utmost way is to make the cluster air gapped. As long as the cluster has internet gateway, sessions can reach internet to pull the packages

656 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements