[ https://issues.apache.org/jira/browse/DRILL-4627?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Keys Botzum updated DRILL-4627: ------------------------------- Labels: security (was: ) > Drill should protect data placed into Zookeeper/ZK > -------------------------------------------------- > > Key: DRILL-4627 > URL: https://issues.apache.org/jira/browse/DRILL-4627 > Project: Apache Drill > Issue Type: Bug > Reporter: Keys Botzum > Priority: Minor > Labels: security > > Drill is striving to improve it's security posture and is improving rapidly. > One key item in a secure system is protection of all relevant data that an > attacker could use to cause harm. Today Drill does not protect the data in > ZK. This means that an attacker could alter it. > I recommend that Drill create appropriate ZK ACLs on the data in ZK and > establish an appropriate authentication mechanism to ZK - that's likely > Kerberos for most Hadoop clusters but MapR Native Security for MapR. -- This message was sent by Atlassian JIRA (v6.3.4#6332)