Return-Path: X-Original-To: apmail-zookeeper-user-archive@www.apache.org Delivered-To: apmail-zookeeper-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 50DD619DD8 for ; Fri, 1 Apr 2016 17:16:15 +0000 (UTC) Received: (qmail 97520 invoked by uid 500); 1 Apr 2016 17:16:13 -0000 Delivered-To: apmail-zookeeper-user-archive@zookeeper.apache.org Received: (qmail 97465 invoked by uid 500); 1 Apr 2016 17:16:13 -0000 Mailing-List: contact user-help@zookeeper.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@zookeeper.apache.org Delivered-To: mailing list user@zookeeper.apache.org Received: (qmail 97452 invoked by uid 99); 1 Apr 2016 17:16:12 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 01 Apr 2016 17:16:12 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id A32D818058E for ; Fri, 1 Apr 2016 17:16:11 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 1.806 X-Spam-Level: * X-Spam-Status: No, score=1.806 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_MSPIKE_BL=0.01, RCVD_IN_MSPIKE_L3=1.899, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=elyograg.org Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id Lpnb4WuBPRl6 for ; Fri, 1 Apr 2016 17:16:10 +0000 (UTC) Received: from frodo.elyograg.org (frodo.elyograg.org [166.70.79.219]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id CBAA15FB2D for ; Fri, 1 Apr 2016 17:16:09 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by frodo.elyograg.org (Postfix) with ESMTP id 39C8B4A44 for ; Fri, 1 Apr 2016 11:16:04 -0600 (MDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=elyograg.org; h= content-transfer-encoding:content-type:content-type:in-reply-to :mime-version:user-agent:date:date:message-id:from:from :references:subject:subject:received:received; s=mail; t= 1459530963; bh=DdKDn1XoNLxDY4SIhSjsauQdUCofyWxPx64I1PHOEog=; b=e o4Efun3ejhJCbie+oA2uFlYaJXd1KggO52E7KdDnCrrVNGjoPJIuykCfpiEPxFhn hSqU3WfhR1Hj0EDdqfrce9N0qLse5nIrcARuR6dapkWevMfmHXkbFKHqWjSz8HOJ QKeB17o3djVHqOfXMOc6ZbAfUJO2dEd/CZFpiAKyOc= X-Virus-Scanned: Debian amavisd-new at frodo.elyograg.org Received: from frodo.elyograg.org ([127.0.0.1]) by localhost (frodo.elyograg.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 3QiN0xyCvhPJ for ; Fri, 1 Apr 2016 11:16:03 -0600 (MDT) Received: from [10.2.0.108] (client175.mainstreamdata.com [209.63.42.175]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: elyograg@elyograg.org) by frodo.elyograg.org (Postfix) with ESMTPSA id 11C5A49DE for ; Fri, 1 Apr 2016 11:16:02 -0600 (MDT) Subject: Re: Zookeeper with SSL release date To: user@zookeeper.apache.org References: <0454CD1B-9018-4D5F-A376-CD29525FF87B@apache.org> <58E62111-0064-4291-B376-D40FFCFFF2A9@apache.org> From: Shawn Heisey Message-ID: <56FEACD1.305@elyograg.org> Date: Fri, 1 Apr 2016 11:16:01 -0600 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit On 4/1/2016 10:18 AM, Alexander Shraer wrote: > Because using reconfig without ACLs any client can remove the servers (or > replace them with a different set of servers > or change their configuration parameters) and break the system. This is a potential worry even without reconfig -- a malicious person could change or delete the entire database ... yet many people (including me) run without ACLs. My ZK ensemble is in a network location that unauthorized people can't reach without finding and exploiting some vulnerability that has not yet reached my awareness. If somebody can gain access to the ZK machines, at least one of my public-facing servers is already compromised. ZK will be very low on my list of things to worry about. Chances are that even if the attacker figured out I was using ZK and where it lives, it would be extremely low on THEIR list of priorities -- it doesn't contain any sensitive info, and there are far more efficient ways to cause problems. Thanks, Shawn