lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl <jan....@cominvent.com>
Subject How secure is Zookeeper digest auth?
Date Sun, 16 Sep 2018 20:22:25 GMT
Hi,

We plan to enable (digest) authentication and ACL with Zookeeper to improve security.
However, we have not been able to answer the question of how secure such a setup will be,
given that ZK 3.4.x TCP communication is unencrypted.

So, do anyone know if ZK sends the password in cleartext over the network, so that
anyone who can sniff the network can also pick up the password, and connect and read/write
nodes in ZK?

We'll of course add all the firewall and IP filtering we can. Do you have any other
tricks you use to increase ZK security?

--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com


Mime
View raw message