I've created ZK-1917 for this. I think it is referring to the txn logs. If so, SSL encryption alone isn't going to do it.
-Flavio

On 22 Apr 2014, at 18:55, Patrick Hunt <[email protected]> wrote:

> On Tue, Apr 22, 2014 at 10:14 AM, Michi Mutsuzaki <[email protected]>
> wrote:
>> That's a great idea.
>>
>> The link talks about one specific vulnerability (password being logged
>> in cleartext :( ), but I'm interested in securing ZooKeeper in
>> general. I've seen projects staying away from ZooKeeper because it
>> doesn't support SSL, for example.
>>
>
> That was one of the reasons why we were trying to add netty support -
> it would greatly simplify enabling SSL encryption.
>
> Patrick
>
>>
>> On Tue, Apr 22, 2014 at 9:32 AM, Flavio Junqueira <[email protected]> wrote:
>>> Some of you may have noticed that there is a CVE entry for ZK:
>>>
>>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0085
>>>
>>> I've never perceived ZK as a project particularly strong on the security
>>> side, but I was wondering how folks in the list feel about creating a jira
>>> and working something out.
>>>
>>> -Flavio
