zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zara Parst <edotserv...@gmail.com>
Subject I have one small question that always intrigue me
Date Wed, 24 Feb 2016 08:27:26 GMT
Hi everyone,

I am really need your help, please read below


If we have to run solr in cloud mode, we are going to use zookeeper,   now
any zookeeper client can connect to zookeeper server, Zookeeper has
facility to protect znode however any one can see znode acl however
password could be encrypted.  Decrypting password or guessing password is
not a big deal. As we know password is SHA encrypted also there is no
limitation of number of try to authorize with ACL. So my point is how to
safegard zookeeper.

I can guess few things

a. Don't reveal ip of your zookeeper ( security with obscurity )
b. ip table which is also not a very good idea
c. what else ??

My guess was if some how we can protect zookeeper server itself by asking
client to authorize them self before it can make connection to ensemble
even at root ( /) znode.

Please please at least comment on this , I really need your help.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message