Mohammad Arshad created ZOOKEEPER-2699:
------------------------------------------
Summary: Restrict 4lw commands based on client IP
Key: ZOOKEEPER-2699
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2699
Project: ZooKeeper
Issue Type: Bug
Components: security, server
Reporter: Mohammad Arshad
Assignee: Mohammad Arshad
Currently 4lw commands are executed without authentication and can be accessed
from any IP which has access to ZooKeeper server. ZOOKEEPER-2693 attempts to
limit the 4lw commands which are enabled by default or enabled by configuration.
In addition to ZOOKEEPER-2693 we should also restrict 4lw commands based on
client IP as well. It is required for following scenario
# User wants to enable all the 4lw commands
# User wants to limit the access of the commands which are considered to be
safe by default.
*Implementation:*
we can introduce new property 4lw.commands.host.whitelist
# By default we allow all the hosts, but off course only on the 4lw exposed
commands as per the ZOOKEEPER-2693
# It can be configured to allow individual IPs(192.168.1.2,192.168.1.3 etc.)
# It can also be configured to allow group of IPs like 192.168.1.*
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
