[
https://issues.apache.org/jira/browse/STORM-224?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Joseph Evans updated STORM-224:
--------------------------------------
Assignee: Derek Dagit
> Storm should use stricter ACLs within zookeeper
> -----------------------------------------------
>
> Key: STORM-224
> URL: https://issues.apache.org/jira/browse/STORM-224
> Project: Apache Storm (Incubating)
> Issue Type: Sub-task
> Reporter: Robert Joseph Evans
> Assignee: Derek Dagit
> Fix For: feature-security
>
>
> In a stand alone environment storm stores everything wide open in ZK. We
> really should lock this down with ACLs so that individual topologies cannot
> modify data that the storm system uses, and so that other topologies cannot
> modify/interfere with each other.
> The current code from Yahoo will generate a random username/password for each
> topology that is launched. This works great for most topologies, but for
> trident topologies because they store long lived data in ZK the user has to
> keep the credentials around themselves. We would love to switch ZK access
> over to use a forwarded TGT, but have not finished the work to do this yet.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
