We just published a blog about 4lw and security today which provides more context about history and possible solutions, hope this also helps.
https://blog.cloudera.com/blog/2017/06/apache-zookeeper-four-letter-words-and-security/ On Sat, Jun 3, 2017 at 9:43 AM, Novin Novin <[email protected]> wrote: > thanks Flavio > > On Sat, 3 Jun 2017 at 16:11 Flavio Junqueira <[email protected]> wrote: > > > This is not exactly what you are after, but in 3.4.10 you can whitelist > > specific commands, see the documentation here: > > > > https://zookeeper.apache.org/doc/r3.4.10/zookeeperAdmin.html < > > https://zookeeper.apache.org/doc/r3.4.10/zookeeperAdmin.html> > > > > and search for: > > 4lw.commands.whitelist > > Otherwise, I don't know how else you'd be able to protect access to 4lw > > other than use a firewall. > > > > -Flavio > > > > > On 31 May 2017, at 10:34, Novin Novin <[email protected]> wrote: > > > > > > One more thing I like to add I'm using zookeeper version 3.4.8 > > > On Wed, 31 May 2017 at 09:32 Novin Novin <[email protected]> wrote: > > > > > >> Hi Guys, > > >> > > >> I'm newbie to zookeeper. I have setup zookeeper ensemble for SolrCloud > > and > > >> using acls. > > >> > > >> But I'm worry about here for security of 4 character commands. I am > able > > >> to run 4 character from outside of ensemble and also able to connect > > with > > >> zookeeper. I really don't want to turn off these commands because > > these > > >> are really handy for administration. > > >> > > >> Is there any way to protect those 4 character commands for zookeeper > > other > > >> than firewall? > > >> > > >> Any help would be appreciated. > > >> > > >> Cheers, > > >> Navin > > >> > > >> > > > > > -- Cheers Michael.
