Hi Zara, I'm sorry but this question would be better asked over on the Solr lists
http://lucene.apache.org/solr/resources.html#solr-user-list-solr-userlucene Lewis On Wed, Feb 24, 2016 at 12:39 PM, <[email protected]> wrote: > From: Zara Parst <[email protected]> > To: [email protected], [email protected], AALSIHE < > [email protected]>, [email protected], [email protected], > [email protected], [email protected], [email protected], > [email protected] > Cc: > Date: Wed, 24 Feb 2016 13:57:26 +0530 > Subject: I have one small question that always intrigue me > Hi everyone, > > I am really need your help, please read below > > > If we have to run solr in cloud mode, we are going to use zookeeper, now > any zookeeper client can connect to zookeeper server, Zookeeper has > facility to protect znode however any one can see znode acl however > password could be encrypted. Decrypting password or guessing password is > not a big deal. As we know password is SHA encrypted also there is no > limitation of number of try to authorize with ACL. So my point is how to > safegard zookeeper. > > I can guess few things > > a. Don't reveal ip of your zookeeper ( security with obscurity ) > b. ip table which is also not a very good idea > c. what else ?? > > My guess was if some how we can protect zookeeper server itself by asking > client to authorize them self before it can make connection to ensemble > even at root ( /) znode. > > Please please at least comment on this , I really need your help.
