On Mar 13, 2013, at 7:36 AM, Per Steffensen <[email protected]> wrote:
> My question is if such a solution is worth the effort of a Solr JIRA I think that as long as you could do things with no credentials or setup by default, ZooKeeper security would be nice to optionally support. I'm sure that anyone sharing zookeeper for multiple services wouldn't mind being able to set up some permissions. - Mark On Mar 13, 2013, at 7:36 AM, Per Steffensen <[email protected]> wrote: > Hi > > In my organization we want to protect everything accessible from outside our > "secure zone". We have two ports open in our firewall > * 1) A port for HTTP communication with Solr > * 2) A port for communication with ZooKeeper (in order to be able to run > CloudSolrServer-clients outside the SZ) > > We have dealt with 1) and provided our solution as a patch to SOLR-4470. Now > 2) is up. In order to protect ZooKeeper we need to add ACLs to znodes and > make sure ZK-clients provide credentials when accessing ZooKeeper. This will > require a few changes in Solr - have ZK-clients provide credentials when > operating against ZK, and maybe to have Solr add ACLs to the znodes it > creates. My question is if such a solution is worth the effort of a Solr > JIRA, in order to shape the solution in collaboration with the community and > to have a place to provide a patch/solution, or if a solution to this issue > is not interesting for the community (e.g. because there is a strategy that > people also have to somehow deal with this issue outside the context Solr > (code))? > > Regards, Per Steffensen > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
