[ https://issues.apache.org/jira/browse/ACCUMULO-3557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14303527#comment-14303527 ]
Mike Drob commented on ACCUMULO-3557: ------------------------------------- Who would be authorized to write here? If there are multiple instances sharing the same zookeeper (which I think is crazy-talk, but we support it) then it's not like a single instance secret is authoratative enough to make changes. Maybe the best we can do is just place an ACL on each individual znode and leave {{/instances}} open. > No write ACL set on /accumulo/instances/... > ------------------------------------------- > > Key: ACCUMULO-3557 > URL: https://issues.apache.org/jira/browse/ACCUMULO-3557 > Project: Accumulo > Issue Type: Improvement > Components: zookeeper > Reporter: Josh Elser > Priority: Critical > Fix For: 1.7.0 > > > It's common for users to have four "arguments" to make a connection to > Accumulo: zookeeper quorum string, instance name, username and password. > The instance name is used to find the instanceID using > {{/accumulo/instances/...}} in ZooKeeper. It appears that anyone can write in > the {{/accumulo/instances}} ZNode. This seems suspect, because any > unauthenticated user can alter the state of ZooKeeper and break users > connecting to Accumulo or force them to connect to a different Accumulo > instance. -- This message was sent by Atlassian JIRA (v6.3.4#6332)