zookeeper-dev mailing list archives

From "Mohammad Arshad (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ZOOKEEPER-2699) Restrict 4lw commands based on client IP
Date Fri, 17 Feb 2017 07:54:41 GMT
Mohammad Arshad created ZOOKEEPER-2699:

             Summary: Restrict 4lw commands based on client IP
                 Key: ZOOKEEPER-2699
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2699
             Project: ZooKeeper
          Issue Type: Bug
          Components: security, server
            Reporter: Mohammad Arshad
            Assignee: Mohammad Arshad

Currently 4lw commands are executed without authentication and can be accessed from any IP
which has access to the ZooKeeper server. ZOOKEEPER-2693 attempts to limit the 4lw commands which
are enabled by default or enabled by configuration.

In addition to ZOOKEEPER-2693 we should also restrict 4lw commands based on client IP as well.
It is required for the following scenarios:
# User wants to enable all the 4lw commands
# User wants to limit the access of the commands which are considered to be safe by default.
We can introduce a new property 4lw.commands.host.whitelist
# By default we allow all the hosts, but of course only on the 4lw exposed commands as per
ZOOKEEPER-2693
# It can be configured to allow individual IPs(, etc.)
# It can also be configured to allow a group of IPs like 192.168.1.*

This message was sent by Atlassian JIRA
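
The whitelist semantics proposed in the issue above, as an added example that is not part of the original message and is not ZooKeeper code. The class name is hypothetical, and the property value is assumed to be a comma-separated list of IPv4 patterns; matching is done octet by octet, so `192.168.1.*` does not also admit `192.168.10.x` the way a string-prefix comparison would.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper, not ZooKeeper code. Assumes the proposed property
// 4lw.commands.host.whitelist is a comma-separated list of IPv4 patterns.
public class FourLetterWordHostWhitelist {
    private static final int WILDCARD = -1;
    private final List<int[]> patterns = new ArrayList<>();
    private final boolean allowAll;

    public FourLetterWordHostWhitelist(String propertyValue) {
        // Unset or blank property: every host is allowed (the proposed default).
        allowAll = propertyValue == null || propertyValue.trim().isEmpty();
        if (allowAll) return;
        for (String entry : propertyValue.split(",")) {
            patterns.add(parse(entry.trim(), true));
        }
    }

    // Splits into exactly four octets; "*" is accepted only in patterns.
    private static int[] parse(String text, boolean allowWildcard) {
        String[] parts = text.split("\\.", -1);
        if (parts.length != 4) throw new IllegalArgumentException("not IPv4: " + text);
        int[] octets = new int[4];
        for (int i = 0; i < 4; i++) {
            if (allowWildcard && parts[i].equals("*")) { octets[i] = WILDCARD; continue; }
            if (!parts[i].matches("\\d{1,3}") || Integer.parseInt(parts[i]) > 255) {
                throw new IllegalArgumentException("bad octet in: " + text);
            }
            octets[i] = Integer.parseInt(parts[i]);
        }
        return octets;
    }

    public boolean isAllowed(String clientIp) {
        if (allowAll) return true;
        int[] ip;
        try { ip = parse(clientIp, false); }
        catch (IllegalArgumentException e) { return false; } // non-IPv4 peer: fail closed
        for (int[] p : patterns) {
            boolean match = true;
            for (int i = 0; i < 4; i++) match &= (p[i] == WILDCARD || p[i] == ip[i]);
            if (match) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample configuration and client addresses.
        FourLetterWordHostWhitelist wl = new FourLetterWordHostWhitelist("10.0.0.5, 192.168.1.*");
        for (String ip : new String[] {"10.0.0.5", "192.168.1.77", "192.168.10.77", "::1"}) {
            System.out.println(ip + " -> " + (wl.isAllowed(ip) ? "allow" : "deny"));
        }
    }
}
```

A malformed pattern is rejected when the whitelist is built rather than silently ignored, so a typo in the configuration cannot widen access unnoticed.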
