zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From nkalmar <...@git.apache.org>
Subject [GitHub] zookeeper pull request #:
Date Thu, 02 Aug 2018 10:19:43 GMT
Github user nkalmar commented on the pull request:

    https://github.com/apache/zookeeper/commit/a2623a625a4778720f7d5482d0a66e9b37ae556f#commitcomment-29934308
  
    Both JMX and Jetty can be secured. The problem here is, as of my understanding, is that
4ltw command uses the client port. You can secure JMX port, introduce authentication, SSL
etc. But you cannot secure the client port like that. So leaving the port open, and the ability
to call functions without any authentication or authorization via telnet is not the best practice.
    
    By the way, JMX port should only be open on the local machine, as it is the default setting
on ZooKeeper. But if you wan't to open it, it should be secured with firewall/gateway settings,
IP restrictions, SASL or whatever.
    
    Jetty can be also configured for SSL.
    



---

Mime
View raw message