Hi all,

I am facing a "security issue" with ZooKeeper (not from the implementation but from the "design" standpoint).

We will use ZK as a service discovery registry (pure common usage...), but we would like some znodes not to be updated without authentication. We tested ACLs and they work fine, but the "limitations" that I see are (1) the pwd is transported in clear and (2) you need to manage technical users (so pwd storage, encryption, etc.). So we prefer not using ACLs and keeping anonymous access on all nodes.

But we are facing "issues" with zkCli, because any machine having zkCli can connect to the ZooKeeper ensemble and modify structure / values. To be honest, I would prefer a solution based on the fact that we have a whitelist of IPs allowed to access ZK, we control the ssh keys to connect to the machines, etc. Can we do that?

More generally, do you have experience to share with me? How would you handle that? Any suggestions would be welcome.

Regards.

PS: we are using Curator, so maybe the ACLProvider could help (to access an LDAP or...)
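One way to express the IP allowlist asked about above is ZooKeeper's built-in `ip` ACL scheme, applied through Curator's `ACLProvider`, which needs no passwords or technical users. This is an added example, not part of the original post; the addresses, the connect string, the `/services/demo` path and the class name are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;

import org.apache.curator.framework.CuratorFramework;
import org.apache.curator.framework.CuratorFrameworkFactory;
import org.apache.curator.framework.api.ACLProvider;
import org.apache.curator.retry.ExponentialBackoffRetry;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;

public class IpAllowlistAclExample {
    // Constructed sample addresses (assumption): hosts allowed to modify znodes.
    // The host running this code must be listed, or it cannot change the node later.
    static final String[] WRITER_IPS = {"10.0.1.10", "10.0.1.11"};

    // Full rights for allowlisted IPs, read-only for every other client.
    static List<ACL> writersPlusAnonymousRead() {
        List<ACL> acls = new ArrayList<>();
        for (String ip : WRITER_IPS) {
            acls.add(new ACL(ZooDefs.Perms.ALL, new Id("ip", ip)));
        }
        acls.add(new ACL(ZooDefs.Perms.READ, ZooDefs.Ids.ANYONE_ID_UNSAFE));
        return acls;
    }

    public static void main(String[] args) throws Exception {
        // Curator asks the provider for the ACL of each znode it creates.
        ACLProvider provider = new ACLProvider() {
            @Override public List<ACL> getDefaultAcl() { return writersPlusAnonymousRead(); }
            @Override public List<ACL> getAclForPath(String path) { return writersPlusAnonymousRead(); }
        };
        try (CuratorFramework client = CuratorFrameworkFactory.builder()
                .connectString("zk1.example.internal:2181") // assumed ensemble address
                .retryPolicy(new ExponentialBackoffRetry(1000, 3))
                .aclProvider(provider)
                .build()) {
            client.start();
            client.create().creatingParentsIfNeeded()
                  .forPath("/services/demo", "v1".getBytes(StandardCharsets.UTF_8));
            // Print the stored ACL to confirm what the server will enforce.
            System.out.println(client.getACL().forPath("/services/demo"));
        }
    }
}
```

The `ip` scheme matches the client address as the server sees it, so clients behind NAT or a proxy share one identity, and anyone who can run code on an allowlisted host gets write access. ZooKeeper ACLs are not inherited, so znodes created before the provider was configured keep their old ACL until it is set explicitly.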
