[jira] [Commented] (SOLR-13502) Investigate using something other than ZooKeeper's "4 letter words" for the admin UI status

Thu, 30 May 2019 09:53:11 -0700 


    [ 
https://issues.apache.org/jira/browse/SOLR-13502?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16852064#comment-16852064
 ] 

Cassandra Targett commented on SOLR-13502:
------------------------------------------

bq.  users will have to modify their zoo.cfg

My initial reaction is, so what? We already have a number of changes users need 
to make in their zoo.cfg to run with Solr and to me this is just another item 
on the list to properly run ZK securely in our environment. Unless I'm missing 
something, I don't see it as something that needs a lot of discussion (with 
it's risks of bikeshedding), it is simply a fact. It's nice to have a heads up 
via an issue (like you've done here), of course, but it just doesn't seem to me 
like a situation we should jump through a lot of hoops to avoid.



> Investigate using something other than ZooKeeper's "4 letter words" for the 
> admin UI status
> -------------------------------------------------------------------------------------------
>
>                 Key: SOLR-13502
>                 URL: https://issues.apache.org/jira/browse/SOLR-13502
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Erick Erickson
>            Assignee: Erick Erickson
>            Priority: Major
>
> ZooKeeper 3.5.5 requires a whitelist of allowed "4 letter words". The only 
> place I see on a quick look at the Solr code where 4lws are used is in the 
> admin UI "ZK Status" link.
> In order to use the admin UI "ZK Status" link, users will have to modify 
> their zoo.cfg file with
> {code}
> 4lw.commands.whitelist=mntr,conf,ruok
> {code}
> This JIRA is to see if there are alternatives to using 4lw for the admin UI.
> This depends on SOLR-8346. If we find an alternative, we need to remove the 
> additions to the ref guide that mention changing zoo.cfg (just scan for 4lw 
> in all the .adoc files) and remove SolrZkServer.ZK_WHITELIST_PROPERTY and all 
> references to it (SolrZkServer and SolrTestCaseJ4).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to