lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ishan Chattopadhyaya (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-8792) ZooKeeper ACL not restricting access to zkcli
Date Wed, 27 Apr 2016 20:18:12 GMT

    [ https://issues.apache.org/jira/browse/SOLR-8792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15260854#comment-15260854
] 

Ishan Chattopadhyaya commented on SOLR-8792:
--------------------------------------------

Maybe the boat has already sailed for 5.5.1, but I would still like to bring this issue to
your attention, [~anshumg].
At this point, I think this issue to land in 5.5.1 looks difficult since this has not been
reviewed yet, but I still believe this issue is critical enough to be fixed in some 5x version.


> ZooKeeper ACL not restricting access to zkcli
> ---------------------------------------------
>
>                 Key: SOLR-8792
>                 URL: https://issues.apache.org/jira/browse/SOLR-8792
>             Project: Solr
>          Issue Type: Bug
>          Components: Authentication, documentation
>    Affects Versions: 5.0
>            Reporter: Esther Quansah
>              Labels: acl, authentication, security, zkcli, zkcli.sh, zookeeper
>             Fix For: 5.5.1, 6.1
>
>         Attachments: SOLR-8792.patch
>
>
> The documentation presented here: https://cwiki.apache.org/confluence/display/solr/ZooKeeper+Access+Control
> details the process of securing Solr content in ZooKeeper using ACLs. In the example
usages, it is mentioned that access to zkcli can be restricted by adding credentials to the
zkcli.sh script in addition to adding the appropriate classnames to solr.xml. With the scripts
in zkcli.sh, another machine should not be able to read or write from the host ZK without
the necessary credentials. At this time, machines are able to read/write from the host ZK
with or without these credentials.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message