[ https://issues.apache.org/jira/browse/ZOOKEEPER-3999?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17230713#comment-17230713 ]

Mate Szalay-Beko commented on ZOOKEEPER-3999:
---------------------------------------------

I agree with [~maoling].

Also, this is independent from ./zkTxnLogToolkit.sh. If someone gets the 
data files, he can open them with other tools too (he can also spin up his own 
ZooKeeper without ACL support enabled, and load the data into it). You should 
protect the data files on the filesystem from any illegal access.

> zkTxnLogToolkit tool should have a user-password authentication to avoid data 
> security issues
> ---------------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-3999
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3999
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: scripts
>            Reporter: maoling
>            Assignee: maoling
>            Priority: Major
>
> We can now use _*zkTxnLogToolkit.sh*_ to view data directly. For example:
> {code:java}
> ./zkTxnLogToolkit.sh 
> /data/software/zookeeper/zkdataLog/version-2/log.fa9c00000001
> 2020-11-12 21:43:00,864 [myid:] - INFO  [main:ZooKeeperServer@1461] - 
> zookeeper.flushDelay=0
> 2020-11-12 21:43:00,864 [myid:] - INFO  [main:ZooKeeperServer@1470] - 
> zookeeper.maxWriteQueuePollTime=0
> 2020-11-12 21:43:00,864 [myid:] - INFO  [main:ZooKeeperServer@1479] - 
> zookeeper.maxBatchSize=1000
> 2020-11-12 21:43:00,864 [myid:] - INFO  [main:ZooKeeperServer@243] - 
> zookeeper.intBufferStartingSizeBytes = 1024
> 20-3-30 下午06时35分11秒 session 0x100019a8e490000 cxid 0x0 zxid 0xfa9c00000001 
> createSession 30000
> 20-3-30 下午06时35分22秒 session 0x100019a8e490000 cxid 0x1 zxid 0xfa9c00000002 
> create /03-30, bob,[31,s{'world,'anyone}
> ],false,12012
> 20-3-30 下午06时40分29秒 session 0x100019a8e490000 cxid 0x2 zxid 0xfa9c00000003 
> create /03-30-2, alice,[31,s{'world,'anyone}
> ],false,12013
> EOF reached after 3 txns.
> EOF reached after 3 txns.{code}
> That is a rash move to make the ACL mechanism meaningless. Users can view the 
> znode data at will.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
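
One way to check the filesystem protection recommended in the comment above, as an added example that is not part of the original message or of ZooKeeper's own scripts. The function names are hypothetical, and the owner-only policy (700 on directories, 600 on files) assumes the data directory belongs to a dedicated ZooKeeper service account.

```shell
#!/bin/sh
# Added example: audit a ZooKeeper dataDir/dataLogDir for transaction logs,
# snapshots or directories that group members or other local users can reach.
# Function names are hypothetical; the 700/600 policy assumes the tree is
# owned by a dedicated ZooKeeper service account.

# Print every entry under $1 that has any group or other permission bit set.
zk_loose_entries() {
    find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
              -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Return 0 when nothing is exposed, 1 when something is (listed on stderr),
# 2 when the argument is not a directory.
zk_audit_datadir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    loose=$(zk_loose_entries "$dir")
    if [ -n "$loose" ]; then
        echo "accessible to group/other:" >&2
        printf '%s\n' "$loose" >&2
        return 1
    fi
    return 0
}

# Restrict the tree to its owner: 700 on directories, 600 on files.
# Run this as the account that owns the files (or as root).
zk_lockdown_datadir() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# When run with a directory argument, audit it.
if [ $# -ge 1 ]; then
    zk_audit_datadir "$1"
fi
```

The audit covers the directories as well as the `log.*` and `snapshot.*` files, since a readable file is only reachable if its parent directories can be traversed.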
