The link talks about one specific vulnerability (password being logged in a cleartext :( ), but I'm interested in securing ZooKeeper in general. I've seen projects staying away from ZooKeeper because it doesn't support SSL, for example. On Tue, Apr 22, 2014 at 9:32 AM, Flavio Junqueira <[EMAIL PROTECTED]> wrote:
Hm. Well the txnlogs didn't make much sense to me. If you have that level of access, well they you've got access to everything regardless. Shouldn't/wouldn't those files be protected by permissions on the datadir?
Also, which "password" are we storing in the txnlog? The session password or truly the admin password.
On Tue, Apr 22, 2014 at 11:04 AM, Flavio Junqueira <[EMAIL PROTECTED]> wrote:
If you like. The protoype on that JIRA has more than a single configuration toggle, but another revision could do that. In lieu of a simple configuration change there could be a chapter on setting up filesystem encryption on Linux and Windows. This wouldn't protect against leaks due to improper filesystem level permissions. On Wed, Apr 23, 2014 at 10:58 AM, Michi Mutsuzaki <[EMAIL PROTECTED]>wrote: Best regards,
Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White)