If you like. The protoype on that JIRA has more than a single configuration toggle, but another revision could do that. In lieu of a simple configuration change there could be a chapter on setting up filesystem encryption on Linux and Windows. This wouldn't protect against leaks due to improper filesystem level permissions.
On Wed, Apr 23, 2014 at 10:58 AM, Michi Mutsuzaki <[email protected]>wrote: > I'm all for encrypting txn logs/snapshots, but shouldn't we use some > existing file system encryption instead of implementing our own? > > On Wed, Apr 23, 2014 at 8:56 AM, Andrew Purtell <[email protected]> > wrote: > > ZOOKEEPER-1688 > > > > On Tuesday, April 22, 2014, Flavio Junqueira <[email protected]> > wrote: > > > >> I've created ZK-1917 for this. > >> > >> I think it is referring to the txn logs. If so, SSL encryption alone > isn't > >> going to do it. > >> > >> -Flavio > >> > >> On 22 Apr 2014, at 18:55, Patrick Hunt <[email protected]<javascript:;>> > >> wrote: > >> > >> > On Tue, Apr 22, 2014 at 10:14 AM, Michi Mutsuzaki < > [email protected]<javascript:;>> > >> wrote: > >> >> That's a great idea. > >> >> > >> >> The link talks about one specific vulnerability (password being > logged > >> >> in a cleartext :( ), but I'm interested in securing ZooKeeper in > >> >> general. I've seen projects staying away from ZooKeeper because it > >> >> doesn't support SSL, for example. > >> >> > >> > > >> > That was one of the reasons why we were trying to add netty support - > >> > it would greatly simplify enabling SSL encryption. > >> > > >> > Patrick > >> > > >> >> > >> >> On Tue, Apr 22, 2014 at 9:32 AM, Flavio Junqueira <[email protected] > <javascript:;>> > >> wrote: > >> >>> Some of you may have noticed that there is a CVE entry for ZK: > >> >>> > >> >>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0085 > >> >>> > >> >>> I've never perceived ZK as a project particularly strong on the > >> security > >> >>> side, but I was wondering how folks in the list feel about creating > a > >> jira > >> >>> and working something out. > >> >>> > >> >>> -Flavio > >> > >> > > > > -- > > Best regards, > > > > - Andy > > > > Problems worthy of attack prove their worth by hitting back. - Piet Hein > > (via Tom White) > -- Best regards, - Andy Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White)
