zookeeper-dev mailing list archives

From hanm <...@git.apache.org>
Subject [GitHub] zookeeper pull request #183: ZOOKEEPER-2693: DOS attack on wchp/wchc four le...
Date Tue, 07 Mar 2017 03:09:15 GMT
Github user hanm commented on a diff in the pull request:

    --- Diff: src/docs/src/documentation/content/xdocs/zookeeperAdmin.xml ---
    @@ -1042,6 +1042,40 @@ server.3=zoo3:2888:3888</programlisting>
    +          <varlistentry>
    +            <term>4lw.commands.whitelist</term>
    +            <listitem>
    +              <para>(Java system property: <emphasis
    +                      role="bold">zookeeper.4lw.commands.whitelist</emphasis>)</para>
    +              <para><emphasis role="bold">New in 3.4.10:</emphasis>
    +                This property contains a list of comma separated
    +                <ulink url="#sc_4lw">Four Letter Words</ulink> commands.
It is introduced
    +                to provide fine grained control over the set of commands ZooKeeper can
    +                so users can turn off certain commands if necessary.
    +                By default it contains all supported four letter word commands except
"wchp" and "wchc",
    +                if the property is not specified. If the property is specified, then
only commands listed
    +                in the whitelist are enabled.
    +              </para>
    +              <para>Here's an example of the configuration that enables stat, ruok,
conf, and isro
    +                command while disabling the rest of Four Letter Words command:</para>
    +              <programlisting>
    +                4lw.commands.whitelist=stat, ruok, conf, isro
    +              </programlisting>
    +              <para>Users can also use asterisk option so they don't have to include
every command one by one in the list.
    +                As an example, this will enable all four letter word commands:
    +              </para>
    +              <programlisting>
    +                4lw.commands.whitelist=*
    +              </programlisting>
    +            </listitem>
    +          </varlistentry>
    --- End diff --
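
Review bot: In the last para and programlisting of this entry, the "4lw.commands.whitelist=*" example turns "wchp" and "wchc" back on, but the description only says the default excludes them and never says why. Add a sentence beside the asterisk example stating that "*" also enables those two commands and that they are left out of the default because of the denial-of-service concern named in the pull request title. Two wording fixes in the first description paragraph: "the set of commands ZooKeeper can so users can turn off" is missing its verb, and the default reads more clearly with the condition first, for example "If the property is not specified, all supported four letter word commands except wchp and wchc are enabled." The first example writes the value as "stat, ruok, conf, isro" with a space after each comma, so the text should also state whether whitespace around entries is ignored.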
