[jira] [Commented] (ZOOKEEPER-3999) zkTxnLogToolkit tool should have a user-password authentication to avoid data security issues

Thu, 12 Nov 2020 06:02:14 -0800 


    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-3999?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17230649#comment-17230649
 ] 

maoling commented on ZOOKEEPER-3999:
------------------------------------

This kind of security issue should be guaranteed by the Linux OS file system 
for which users can access these zookeeper transactional logs.

Take an example from mysql: (we can use _*mysqlbinlog*_ to view the insert DML 
to see what data had been inserted) 
{code:java}
/data/mysql/percona_server/bin/mysqlbinlog --no-defaults -vv --skip-gtids 
--database=test  --base64-output=decode-rows  mysql-bin.000156 > 
/tmp/mysql-bin.000156
{code}

> zkTxnLogToolkit tool should have a user-password authentication to avoid data 
> security issues
> ---------------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-3999
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3999
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: scripts
>            Reporter: maoling
>            Assignee: maoling
>            Priority: Major
>
> we now can use _*zkTxnLogToolkit.sh*_ to view data directly. For example:
> {code:java}
> ./zkTxnLogToolkit.sh 
> /data/software/zookeeper/zkdataLog/version-2/log.fa9c00000001
> 2020-11-12 21:43:00,864 [myid:] - INFO  [main:ZooKeeperServer@1461] - 
> zookeeper.flushDelay=0
> 2020-11-12 21:43:00,864 [myid:] - INFO  [main:ZooKeeperServer@1470] - 
> zookeeper.maxWriteQueuePollTime=0
> 2020-11-12 21:43:00,864 [myid:] - INFO  [main:ZooKeeperServer@1479] - 
> zookeeper.maxBatchSize=1000
> 2020-11-12 21:43:00,864 [myid:] - INFO  [main:ZooKeeperServer@243] - 
> zookeeper.intBufferStartingSizeBytes = 1024
> 20-3-30 下午06时35分11秒 session 0x100019a8e490000 cxid 0x0 zxid 0xfa9c00000001 
> createSession 30000
> 20-3-30 下午06时35分22秒 session 0x100019a8e490000 cxid 0x1 zxid 0xfa9c00000002 
> create /03-30, bob,[31,s{'world,'anyone}
> ],false,12012
> 20-3-30 下午06时40分29秒 session 0x100019a8e490000 cxid 0x2 zxid 0xfa9c00000003 
> create /03-30-2, alice,[31,s{'world,'anyone}
> ],false,12013
> EOF reached after 3 txns.
> EOF reached after 3 txns.{code}
> That is a rash move to make the ACL mechanism meaningless. Users can view the 
> znode data at will.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to