[jira] [Issue Comment Deleted] (SOLR-4580) Support for protecting content in ZK

Sun, 11 Jan 2015 07:21:58 -0800 

     [ 
https://issues.apache.org/jira/browse/SOLR-4580?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mark Miller updated SOLR-4580:
------------------------------
    Comment: was deleted

(was: Hey [~shalinmangar], it seems that the assert you added in 
updateClusterState can be tripped in CollectionsAPIDistributedZkTest.

{noformat}
Error from server at http://127.0.0.1:40942: Expected mime type 
application/octet-stream but got text/html. <html> <head> <meta 
http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/> <title>Error 
500 {trace=java.lang.AssertionError  at 
org.apache.solr.common.cloud.ZkStateReader.updateClusterState(ZkStateReader.java:532)
  at 
org.apache.solr.common.cloud.ZkStateReader.updateClusterState(ZkStateReader.java:255)
  at 
org.apache.solr.common.cloud.ZkStateReader.removeZKWatch(ZkStateReader.java:900)
  at org.apache.solr.cloud.ZkController.unregister(ZkController.java:1218)  at 
org.apache.solr.handler.admin.CoreAdminHandler.handleCreateAction(CoreAdminHandler.java:590)
  at 
org.apache.solr.handler.admin.CoreAdminHandler.handleRequestInternal(CoreAdminHandler.java:199)
  at 
org.apache.solr.handler.admin.CoreAdminHandler.handleRequestBody(CoreAdminHandler.java:188)
  at 
org.apache.solr.handler.RequestHandlerBase.handleRequest(RequestHandlerBase.java:144)
  at 
{noformat})

> Support for protecting content in ZK
> ------------------------------------
>
>                 Key: SOLR-4580
>                 URL: https://issues.apache.org/jira/browse/SOLR-4580
>             Project: Solr
>          Issue Type: New Feature
>          Components: SolrCloud
>    Affects Versions: 4.2
>            Reporter: Per Steffensen
>            Assignee: Mark Miller
>              Labels: security, solr, zookeeper
>             Fix For: 5.0, Trunk
>
>         Attachments: SOLR-4580.patch, SOLR-4580.patch, SOLR-4580.patch, 
> SOLR-4580_branch_4x_r1482255.patch
>
>
> We want to protect content in zookeeper. 
> In order to run a CloudSolrServer in "client-space" you will have to open for 
> access to zookeeper from client-space. 
> If you do not trust persons or systems in client-space you want to protect 
> zookeeper against evilness from client-space - e.g.
> * Changing configuration
> * Trying to mess up system by manipulating clusterstate
> * Add a delete-collection job to be carried out by the Overseer
> * etc
> Even if you do not open for zookeeper access to someone outside your "secure 
> zone" you might want to protect zookeeper content from being manipulated by 
> e.g.
> * Malware that found its way into secure zone
> * Other systems also using zookeeper
> * etc.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to