The link talks about one specific vulnerability (password being logged in a cleartext :( ), but I'm interested in securing ZooKeeper in general. I've seen projects staying away from ZooKeeper because it doesn't support SSL, for example. On Tue, Apr 22, 2014 at 9:32 AM, Flavio Junqueira <[EMAIL PROTECTED]> wrote:
Hm. Well the txnlogs didn't make much sense to me. If you have that level of access, well they you've got access to everything regardless. Shouldn't/wouldn't those files be protected by permissions on the datadir?
Also, which "password" are we storing in the txnlog? The session password or truly the admin password.
On Tue, Apr 22, 2014 at 11:04 AM, Flavio Junqueira <[EMAIL PROTECTED]> wrote:
If you like. The protoype on that JIRA has more than a single configuration toggle, but another revision could do that. In lieu of a simple configuration change there could be a chapter on setting up filesystem encryption on Linux and Windows. This wouldn't protect against leaks due to improper filesystem level permissions. On Wed, Apr 23, 2014 at 10:58 AM, Michi Mutsuzaki <[EMAIL PROTECTED]>wrote: Best regards,
Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White)
Great! Could you also inquire on how they fixed this?
On Wed, Apr 23, 2014 at 4:31 PM, Michi Mutsuzaki <[EMAIL PROTECTED]> wrote:
NEW: Monitor These Apps!
Apache Lucene, Apache Solr and all other Apache Software Foundation project and their respective logos are trademarks of the Apache Software Foundation.
Elasticsearch, Kibana, Logstash, and Beats are trademarks of Elasticsearch BV, registered in the U.S. and in other countries. This site and Sematext Group is in no way affiliated with Elasticsearch BV.
Service operated by Sematext