Sucheta, depending on what you have in mind, you could use the ACL mechanism of Zookeeper right away, or augment it by additional measures outside Zookeeper.
Unfortunately, Zookeeper still does not support client authentication on the connection level, nor does it have SSL for the ensemble-internal connections. I do hope it will soon be on the radar of the Zookeeper maintainers, so I can drop some other measures employed currently.

For some cases, you may want to generally restrict the access to Zookeeper to certain IP addresses and then apply per-user ACLs for individual znodes. In that case, I suggest you use a wrapper around Zookeeper or a decent firewall to provide basic IP-address filtering, in combination with the described ACL scheme. IP filtering (unless there really is a wide variety of permitted addresses across all znodes) inside Zookeeper does not seem like a good idea to me. Otherwise, your Zookeeper won't be safe against DoS attacks or overloads from too many requests (that may be denied, but still keep Zookeeper busy).

Also, the communication between Zookeeper services is not encrypted. Therefore, the vanilla Zookeeper setup is not at all suited for any open network. Consequently, you would have that firewall in front of the subnet with Zookeepers, anyway. Why not employ a basic filtering there already?

Cheers,
--Jürgen
