[ https://issues.apache.org/jira/browse/ZOOKEEPER-2097?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Enrico Olivelli updated ZOOKEEPER-2097: --------------------------------------- Fix Version/s: (was: 3.5.6) > Clarify security requirement for Exists request > ----------------------------------------------- > > Key: ZOOKEEPER-2097 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2097 > Project: ZooKeeper > Issue Type: Task > Affects Versions: 3.4.6, 3.5.0 > Reporter: Ian Dimayuga > Assignee: Ian Dimayuga > Priority: Minor > Fix For: 3.6.0, 3.5.7 > > Attachments: ZOOKEEPER-2097.patch > > > According to the [Programmer's > Guide|http://zookeeper.apache.org/doc/current/zookeeperProgrammers.html]: > bq. Everyone implicitly has LOOKUP permission. This allows you to stat a > node, but nothing more. (The problem is, if you want to call zoo_exists() on > a node that doesn't exist, there is no permission to check.) > This implies that Exists has no security requirement, so the existing comment > in FinalRequestProcessor > {code}// TODO we need to figure out the security requirement for this!{code} > can be removed. -- This message was sent by Atlassian Jira (v8.3.2#803003)