zookeeper-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Enrico Olivelli (Jira)" <j...@apache.org>
Subject [jira] [Updated] (ZOOKEEPER-2097) Clarify security requirement for Exists request
Date Fri, 06 Sep 2019 15:43:13 GMT

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-2097?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Enrico Olivelli updated ZOOKEEPER-2097:
---------------------------------------
    Fix Version/s: 3.5.7

> Clarify security requirement for Exists request
> -----------------------------------------------
>
>                 Key: ZOOKEEPER-2097
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2097
>             Project: ZooKeeper
>          Issue Type: Task
>    Affects Versions: 3.4.6, 3.5.0
>            Reporter: Ian Dimayuga
>            Assignee: Ian Dimayuga
>            Priority: Minor
>             Fix For: 3.6.0, 3.5.6, 3.5.7
>
>         Attachments: ZOOKEEPER-2097.patch
>
>
> According to the [Programmer's Guide|http://zookeeper.apache.org/doc/current/zookeeperProgrammers.html]:
> bq. Everyone implicitly has LOOKUP permission. This allows you to stat a node, but nothing
more. (The problem is, if you want to call zoo_exists() on a node that doesn't exist, there
is no permission to check.)
> This implies that Exists has no security requirement, so the existing comment in FinalRequestProcessor
> {code}// TODO we need to figure out the security requirement for this!{code}
> can be removed.



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

Mime
View raw message