Ian Dimayuga created ZOOKEEPER-2097:
---------------------------------------
Summary: Clarify security requirement for Exists request
Key: ZOOKEEPER-2097
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2097
Project: ZooKeeper
Issue Type: Task
Affects Versions: 3.5.0, 3.4.6
Reporter: Ian Dimayuga
Assignee: Ian Dimayuga
Priority: Minor
Fix For: 3.4.7, 3.5.1
According to the [Programmer's
Guide|http://zookeeper.apache.org/doc/current/zookeeperProgrammers.html]:
bq. Everyone implicitly has LOOKUP permission. This allows you to stat a node,
but nothing more. (The problem is, if you want to call zoo_exists() on a node
that doesn't exist, there is no permission to check.)
This implies that Exists has no security requirement, so the existing comment
in FinalRequestProcessor
{code}// TODO we need to figure out the security requirement for this!{code}
can be removed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
