I'm all for encrypting txn logs/snapshots, but shouldn't we use some existing file system encryption instead of implementing our own?
On Wed, Apr 23, 2014 at 8:56 AM, Andrew Purtell <[email protected]> wrote: > ZOOKEEPER-1688 > > On Tuesday, April 22, 2014, Flavio Junqueira <[email protected]> wrote: > >> I've created ZK-1917 for this. >> >> I think it is referring to the txn logs. If so, SSL encryption alone isn't >> going to do it. >> >> -Flavio >> >> On 22 Apr 2014, at 18:55, Patrick Hunt <[email protected] <javascript:;>> >> wrote: >> >> > On Tue, Apr 22, 2014 at 10:14 AM, Michi Mutsuzaki >> > <[email protected]<javascript:;>> >> wrote: >> >> That's a great idea. >> >> >> >> The link talks about one specific vulnerability (password being logged >> >> in a cleartext :( ), but I'm interested in securing ZooKeeper in >> >> general. I've seen projects staying away from ZooKeeper because it >> >> doesn't support SSL, for example. >> >> >> > >> > That was one of the reasons why we were trying to add netty support - >> > it would greatly simplify enabling SSL encryption. >> > >> > Patrick >> > >> >> >> >> On Tue, Apr 22, 2014 at 9:32 AM, Flavio Junqueira >> >> <[email protected]<javascript:;>> >> wrote: >> >>> Some of you may have noticed that there is a CVE entry for ZK: >> >>> >> >>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0085 >> >>> >> >>> I've never perceived ZK as a project particularly strong on the >> security >> >>> side, but I was wondering how folks in the list feel about creating a >> jira >> >>> and working something out. >> >>> >> >>> -Flavio >> >> > > -- > Best regards, > > - Andy > > Problems worthy of attack prove their worth by hitting back. - Piet Hein > (via Tom White)
