[
https://issues.apache.org/jira/browse/DRILL-3780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15970887#comment-15970887
]
Sergey commented on DRILL-3780:
-------------------------------
Is there any workaround for this problem? I think this is a serious security
problem, because you can easily get a username and password to access the
database.
> storage plugin configurations in ZooKeeper need to be secured
> -------------------------------------------------------------
>
> Key: DRILL-3780
> URL: https://issues.apache.org/jira/browse/DRILL-3780
> Project: Apache Drill
> Issue Type: Bug
> Affects Versions: 1.2.0
> Reporter: Kristine Hahn
> Fix For: Future
>
>
> Drill saves storage plugin configurations in ZooKeeper (distributed mode),
> and when authorization is enabled to prevent modification or deletion of the
> configurations from the Web UI (DRILL-3725, 3201, 3622), an unauthorized user
> can still access the configuration in ZooKeeper.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
