[SOLR-4580] Support for protecting content in ZK - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 4.2
Fix Version/s: 5.0, 6.0
Component/s: SolrCloud
Labels:
- security
- solr
- zookeeper

Description

We want to protect content in zookeeper.

In order to run a CloudSolrServer in "client-space" you will have to open for access to zookeeper from client-space.
If you do not trust persons or systems in client-space you want to protect zookeeper against evilness from client-space - e.g.

Changing configuration
Trying to mess up system by manipulating clusterstate
Add a delete-collection job to be carried out by the Overseer
etc

Even if you do not open for zookeeper access to someone outside your "secure zone" you might want to protect zookeeper content from being manipulated by e.g.

Malware that found its way into secure zone
Other systems also using zookeeper
etc.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

SOLR-4580_branch_4x_r1482255.patch
14/May/13 15:00
61 kB
Per Steffensen
SOLR-4580.patch
28/Aug/14 20:09
87 kB
Mark Miller
SOLR-4580.patch
07/Aug/14 00:19
82 kB
Mark Miller
SOLR-4580.patch
25/Jun/13 00:30
73 kB
Mark Miller

Issue Links

is required by

SOLR-7890 By default require admin rights to access /security.json in ZK

Resolved

Activity

People

Assignee:: Mark Miller

Reporter:: Per Steffensen

Votes:: 3 Vote for this issue

Watchers:: 11 Start watching this issue

Dates

Created:: 14/Mar/13 07:13

Updated:: 09/May/16 18:46

Resolved:: 11/Jan/15 15:21