drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DRILL-3780) storage plugin configurations in ZooKeeper need to be secured
Date Mon, 17 Apr 2017 09:15:41 GMT

    [ https://issues.apache.org/jira/browse/DRILL-3780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15970887#comment-15970887
] 

Sergey commented on DRILL-3780:
-------------------------------

Is there any workaround for this problem? I think this is a serious security problem, because
you can easily get a username and password to access the database. 

> storage plugin configurations in ZooKeeper need to be secured
> -------------------------------------------------------------
>
>                 Key: DRILL-3780
>                 URL: https://issues.apache.org/jira/browse/DRILL-3780
>             Project: Apache Drill
>          Issue Type: Bug
>    Affects Versions: 1.2.0
>            Reporter: Kristine Hahn
>             Fix For: Future
>
>
> Drill saves storage plugin configurations in ZooKeeper (distributed mode), and when authorization
is enabled to prevent modification or deletion of the configurations from the Web UI (DRILL-3725,
3201, 3622), an unauthorized user can still access the configuration in ZooKeeper.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message