[ https://issues.apache.org/jira/browse/ACCUMULO-3557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14303476#comment-14303476 ]
Josh Elser commented on ACCUMULO-3557: -------------------------------------- Ideally, we need these ZNodes to still be open for global read; however, we would want to add a write ACL to each node (like we do to protect the users data) to prevent unauthenticated users from changing the node unintentionally or maliciously. > No write ACL set on /accumulo/instances/... > ------------------------------------------- > > Key: ACCUMULO-3557 > URL: https://issues.apache.org/jira/browse/ACCUMULO-3557 > Project: Accumulo > Issue Type: Improvement > Components: zookeeper > Reporter: Josh Elser > Priority: Critical > Fix For: 1.7.0 > > > It's common for users to have four "arguments" to make a connection to > Accumulo: zookeeper quorum string, instance name, username and password. > The instance name is used to find the instanceID using > {{/accumulo/instances/...}} in ZooKeeper. It appears that anyone can write in > the {{/accumulo/instances}} ZNode. This seems suspect, because any > unauthenticated user can alter the state of ZooKeeper and break users > connecting to Accumulo or force them to connect to a different Accumulo > instance. -- This message was sent by Atlassian JIRA (v6.3.4#6332)