[ https://issues.apache.org/jira/browse/SOLR-4580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14088934#comment-14088934 ]
Shawn Heisey commented on SOLR-4580: ------------------------------------ bq. I would recommend in general that Solr users do not keep the Solr content directly in ZK root. Strong +1 from me on this. I think a chroot should be in all the documentation and every SolrCloud example maintained by the project. I can understand if that's not the way we go, but I really think we should. > Support for protecting content in ZK > ------------------------------------ > > Key: SOLR-4580 > URL: https://issues.apache.org/jira/browse/SOLR-4580 > Project: Solr > Issue Type: New Feature > Components: SolrCloud > Affects Versions: 4.2 > Reporter: Per Steffensen > Assignee: Mark Miller > Labels: security, solr, zookeeper > Attachments: SOLR-4580.patch, SOLR-4580.patch, > SOLR-4580_branch_4x_r1482255.patch > > > We want to protect content in zookeeper. > In order to run a CloudSolrServer in "client-space" you will have to open for > access to zookeeper from client-space. > If you do not trust persons or systems in client-space you want to protect > zookeeper against evilness from client-space - e.g. > * Changing configuration > * Trying to mess up system by manipulating clusterstate > * Add a delete-collection job to be carried out by the Overseer > * etc > Even if you do not open for zookeeper access to someone outside your "secure > zone" you might want to protect zookeeper content from being manipulated by > e.g. > * Malware that found its way into secure zone > * Other systems also using zookeeper > * etc. -- This message was sent by Atlassian JIRA (v6.2#6252) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org