Hi
In my organization we want to protect everything accessible from outside
our "secure zone". We have two ports open in our firewall
* 1) A port for HTTP communication with Solr
* 2) A port for communication with ZooKeeper (in order to be able to run
CloudSolrServer-clients outside the SZ)
We have dealt with 1) and provided our solution as a patch to SOLR-4470.
Now 2) is up. In order to protect ZooKeeper we need to add ACLs to
znodes and make sure ZK-clients provide credentials when accessing
ZooKeeper. This will require a few changes in Solr - have ZK-clients
provide credentials when operating against ZK, and maybe to have Solr
add ACLs to the znodes it creates. My question is if such a solution is
worth the effort of a Solr JIRA, in order to shape the solution in
collaboration with the community and to have a place to provide a
patch/solution, or if a solution to this issue is not interesting for
the community (e.g. because there is a strategy that people also have to
somehow deal with this issue outside the context Solr (code))?
Regards, Per Steffensen
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
