zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alexander Shraer <shra...@gmail.com>
Subject Re: Zookeeper with SSL release date
Date Fri, 01 Apr 2016 18:32:40 GMT
Hi Shawn,

My proposal was in the following context - Flavio suggested to add new
flag(s)
to disable reconfig in order not to surprise users with new security
vulnerabilities
that arise from dynamic reconfiguration. My point was that we already have
such
a mechanism we could use - ACLs. But if we need to do that while also
allowing
unprotected use of reconfig for some users, perhaps a flag is a better
alternative.

I think we have some flexibility here since reconfig is a new feature so we
could
choose to be concervative and release it first only to people that do use
ACLs, but
I don't feel strongly about it, either way.

What do you think ?  Flavio, Patrick, what's your opinion on this ?

Cheers,
Alex

On Fri, Apr 1, 2016 at 10:16 AM, Shawn Heisey <apache@elyograg.org> wrote:

>
> This is a potential worry even without reconfig -- a malicious person
> could change or delete the entire database ... yet many people
> (including me) run without ACLs.
>
> My ZK ensemble is in a network location that unauthorized people can't
> reach without finding and exploiting some vulnerability that has not yet
> reached my awareness.
>
> If somebody can gain access to the ZK machines, at least one of my
> public-facing servers is already compromised.  ZK will be very low on my
> list of things to worry about.  Chances

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message