On Tue, Apr 22, 2014 at 10:14 AM, Michi Mutsuzaki <[email protected]> wrote: > That's a great idea. > > The link talks about one specific vulnerability (password being logged > in a cleartext :( ), but I'm interested in securing ZooKeeper in > general. I've seen projects staying away from ZooKeeper because it > doesn't support SSL, for example. >
That was one of the reasons why we were trying to add netty support - it would greatly simplify enabling SSL encryption. Patrick > > On Tue, Apr 22, 2014 at 9:32 AM, Flavio Junqueira <[email protected]> wrote: >> Some of you may have noticed that there is a CVE entry for ZK: >> >> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0085 >> >> I've never perceived ZK as a project particularly strong on the security >> side, but I was wondering how folks in the list feel about creating a jira >> and working something out. >> >> -Flavio
