zookeeper-user mailing list archives

From Michael Han <h...@cloudera.com>
Subject Re: How to secure zookeeper?
Date Tue, 13 Jun 2017 17:44:10 GMT
We just published a blog about 4lw and security today which provides more
context about history and possible solutions, hope this also helps.

https://blog.cloudera.com/blog/2017/06/apache-zookeeper-four-letter-words-and-security/

On Sat, Jun 3, 2017 at 9:43 AM, Novin Novin <toe.alean@gmail.com> wrote:

> thanks Flavio
>
> On Sat, 3 Jun 2017 at 16:11 Flavio Junqueira <fpj@apache.org> wrote:
>
> > This is not exactly what you are after, but in 3.4.10 you can whitelist
> > specific commands, see the documentation here:
> >
> >     https://zookeeper.apache.org/doc/r3.4.10/zookeeperAdmin.html
> >
> > and search for:
> >     4lw.commands.whitelist
> > Otherwise, I don't know how else you'd be able to protect access to 4lw
> > other than use a firewall.
> >
> > -Flavio
> >
> > > On 31 May 2017, at 10:34, Novin Novin <toe.alean@gmail.com> wrote:
> > >
> > > One more thing I'd like to add: I'm using zookeeper version 3.4.8
> > > On Wed, 31 May 2017 at 09:32 Novin Novin <toe.alean@gmail.com> wrote:
> > >
> > >> Hi Guys,
> > >>
> > >> I'm a newbie to zookeeper. I have set up a zookeeper ensemble for SolrCloud
> > >> and am using acls.
> > >>
> > >> But I'm worried here about the security of the 4 character commands. I am
> > >> able to run 4 character commands from outside of the ensemble and am also
> > >> able to connect with zookeeper. I really don't want to turn off these
> > >> commands because these are really handy for administration.
> > >>
> > >> Is there any way to protect those 4 character commands for zookeeper
> > >> other than a firewall?
> > >>
> > >> Any help would be appreciated.
> > >>
> > >> Cheers,
> > >> Navin
> > >>
> > >>
> >
> >
>



-- 
Cheers
Michael.
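
The whitelist setting discussed in this thread, as an added example that is not part of the original messages or of ZooKeeper's own code: a Python check that reads a zoo.cfg, works out which four-letter words a 3.4.10 server would accept, and flags any beyond the set the operator intends to keep. The `audit` function, the `WANTED` set and the sample configs are constructed for illustration, and the parser assumes plain `key=value` lines.

```python
# Added example: which four-letter words would a 3.4.10 server accept for this zoo.cfg?
# Command names are the 3.4.x four-letter words from the ZooKeeper admin guide.
ALL_4LW = {"conf", "cons", "crst", "dump", "envi", "ruok", "srst", "srvr",
           "stat", "wchs", "wchc", "wchp", "mntr", "isro", "gtmk", "stmk"}
# 3.4.10 behaviour when the property is absent: everything except wchp and wchc.
DEFAULT_3_4_10 = ALL_4LW - {"wchp", "wchc"}
KEY = "4lw.commands.whitelist"


def audit(cfg_text, wanted):
    """Return the enabled commands, those enabled beyond `wanted`, and unknown names."""
    value = None
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        if key.strip() == KEY:
            value = val  # a later duplicate overrides an earlier one
    if value is None:
        enabled, unknown = set(DEFAULT_3_4_10), set()
    else:
        names = {n.strip() for n in value.split(",") if n.strip()}
        if "*" in names:  # wildcard turns every command on
            enabled, unknown = set(ALL_4LW), set()
        else:
            # A misspelled name never matches a command, so it is silently lost.
            enabled, unknown = names & ALL_4LW, names - ALL_4LW
    return {"enabled": enabled, "unexpected": enabled - set(wanted), "unknown": unknown}


# Constructed sample configs (hypothetical, not taken from the thread).
NO_WHITELIST = "tickTime=2000\nclientPort=2181\n"
WILDCARD = "clientPort=2181\n4lw.commands.whitelist=*\n"
RESTRICTED = "clientPort=2181\n4lw.commands.whitelist=stat, ruok, srvr, mntrr\n"
WANTED = {"stat", "ruok", "srvr", "mntr"}  # operator's intended set (assumption)

if __name__ == "__main__":
    for name, cfg in [("no whitelist", NO_WHITELIST), ("wildcard", WILDCARD),
                      ("restricted", RESTRICTED)]:
        result = audit(cfg, WANTED)
        print(name, {k: sorted(v) for k, v in result.items()})
```

The whitelist only limits which commands the server answers; who can reach the client port is still a matter for the firewall mentioned in the thread.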
