See https://builds.apache.org/job/ZooKeeper_branch33_solaris/862/
###
## LAST 60 LINES OF THE CONSOLE
###
[...truncated 104778 lines...]
[junit] 2014-04-22
[
https://issues.apache.org/jira/browse/ZOOKEEPER-1910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13976512#comment-13976512
]
Rakesh R commented on ZOOKEEPER-1910:
-
Thanks [~rgs] for the comments.
{quote}Why
See https://builds.apache.org/job/ZooKeeper_branch33/1290/
###
## LAST 60 LINES OF THE CONSOLE
###
[...truncated 123660 lines...]
[junit] 2014-04-22 09:49:30,118 -
See https://builds.apache.org/job/ZooKeeper-trunk/2298/
###
## LAST 60 LINES OF THE CONSOLE
###
[...truncated 307453 lines...]
[exec] Log Message Received:
[
https://issues.apache.org/jira/browse/ZOOKEEPER-723?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13976863#comment-13976863
]
Rakesh R commented on ZOOKEEPER-723:
Hi folks,
Both ZOOKEEPER-834 and this has
Some of you may have noticed that there is a CVE entry for ZK:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0085
I've never perceived ZK as a project particularly strong on the security
side, but I was wondering how folks in the list feel about creating a
jira and working
See https://builds.apache.org/job/ZooKeeper-trunk-jdk7/851/
###
## LAST 60 LINES OF THE CONSOLE
###
[...truncated 274289 lines...]
[junit] 2014-04-22 16:43:41,568
That's a great idea.
The link talks about one specific vulnerability (password being logged
in a cleartext :( ), but I'm interested in securing ZooKeeper in
general. I've seen projects staying away from ZooKeeper because it
doesn't support SSL, for example.
On Tue, Apr 22, 2014 at 9:32 AM,
We should at least address it in some way. A jira is probably in order.
On Tue, Apr 22, 2014 at 12:32 PM, Flavio Junqueira f...@apache.org wrote:
Some of you may have noticed that there is a CVE entry for ZK:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0085
I've never
[
https://issues.apache.org/jira/browse/ZOOKEEPER-1416?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thawan Kooburat reassigned ZOOKEEPER-1416:
--
Assignee: Thawan Kooburat
Persistent Recursive Watch
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/20448/#review41037
---
./src/java/main/org/apache/zookeeper/ZooKeeper.java
Agree. We should fix this. Would be worthy of a 3.4.7 imo. I'm having
some trouble understanding the problem though.
afaict from the linked bug/reports it seems that An admin user's
password appeared in plaintext in binary log files. Do they mean to
say in the txnlog? Or just in the log4j log?
On Tue, Apr 22, 2014 at 10:14 AM, Michi Mutsuzaki mi...@cs.stanford.edu wrote:
That's a great idea.
The link talks about one specific vulnerability (password being logged
in a cleartext :( ), but I'm interested in securing ZooKeeper in
general. I've seen projects staying away from ZooKeeper
Flavio Junqueira created ZOOKEEPER-1917:
---
Summary: Apache Zookeeper logs cleartext admin passwords
Key: ZOOKEEPER-1917
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1917
Project:
I've created ZK-1917 for this.
I think it is referring to the txn logs. If so, SSL encryption alone isn't
going to do it.
-Flavio
On 22 Apr 2014, at 18:55, Patrick Hunt ph...@apache.org wrote:
On Tue, Apr 22, 2014 at 10:14 AM, Michi Mutsuzaki mi...@cs.stanford.edu
wrote:
That's a great
[
https://issues.apache.org/jira/browse/ZOOKEEPER-1910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13977159#comment-13977159
]
Raul Gutierrez Segales commented on ZOOKEEPER-1910:
---
Sounds
[
https://issues.apache.org/jira/browse/ZOOKEEPER-1910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13977163#comment-13977163
]
Raul Gutierrez Segales commented on ZOOKEEPER-1910:
---
Just to
See https://builds.apache.org/job/ZooKeeper-trunk-jdk8/15/
###
## LAST 60 LINES OF THE CONSOLE
###
[...truncated 265969 lines...]
[junit] 2014-04-22 18:34:36,444
Hm. Well the txnlogs didn't make much sense to me. If you have that
level of access, well they you've got access to everything regardless.
Shouldn't/wouldn't those files be protected by permissions on the
datadir?
Also, which password are we storing in the txnlog? The session
password or truly
I think I know what they are talking about. Let me try to reproduce it, it
might give us a bit more clarity on the matter.
-Flavio
-Original Message-
From: Patrick Hunt [mailto:ph...@apache.org]
Sent: Tuesday, April 22, 2014 7:47 PM
To: DevZooKeeper
Cc: Michi Mutsuzaki
Subject: Re: ZK
See https://builds.apache.org/job/ZooKeeper_branch34_jdk8/13/
###
## LAST 60 LINES OF THE CONSOLE
###
[...truncated 218022 lines...]
[junit] 2014-04-23 00:04:46,184
Encryption of data at rest is a good thing.
It should be an orthogonal issue relative to wire level encryption.
Sent from my iPhone
On Apr 22, 2014, at 12:47, Patrick Hunt ph...@apache.org wrote:
Hm. Well the txnlogs didn't make much sense to me. If you have that
level of access, well
[
https://issues.apache.org/jira/browse/ZOOKEEPER-1910?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13977838#comment-13977838
]
Rakesh R commented on ZOOKEEPER-1910:
-
OK got it. I could see an alternative
23 matches
Mail list logo
