Hi Gustavo,

Actually, in my case, we have a fully decentralized service. Something like 
where you have users in a social network. Originally, we were thinking of using 
a distributed consensus algorithm (e.g., Paxos) to perform some functionalities 
(e.g., leader election). 

Then, I read about ZooKeeper and was thinking of using ZooKeeper for leader 
election instead. However, that means that we're introducing a "central" 
server/service to the architecture. 

Currently, I'm just thinking of some of the original functionalities and how 
much of these functionalities I can offload to ZooKeeper, without breaking the 
original privacy/security motivation.


-Harold




--- On Thu, 6/25/09, Gustavo Niemeyer <gust...@niemeyer.net> wrote:

> From: Gustavo Niemeyer <gust...@niemeyer.net>
> Subject: Re: General Question about Zookeeper
> To: zookeeper-user@hadoop.apache.org
> Date: Thursday, June 25, 2009, 1:59 PM
> Hey Harold,
> 
> > I am interested in a security aspect of zookeeper,
> where the clients and the servers don't necessarily belong
> to the same "group". If a client creates a znode in the
> zookeeper? Can the person, who owns the zookeeper server,
> simply look at its filesystem and read the data
> (out-of-band, not using a client, simply browsing the file
> system of the machine hosting the zookeeper server)?
> 
> Yes, absolutely.  You could certainly encrypt the data
> that goes
> through the ZooKeeper server, but since ZooKeeper is
> supposed to be
> doing coordination work, I think that if you don't trust
> the server,
> the whole situation might get a bit awkward.  I'm
> curious about your
> use case, since I'm pondering about doing something where
> clients
> don't necessarily trust other clients or machines in the
> same network
> (or even different users in the same machine), thus might
> require
> additional tighting up, but if you don't trust the server
> itself, that
> may be tricky.  Please note that ZooKeeper isn't meant
> to be used just
> as a distributed filesystem for storage, but that's
> probably not your
> intention anyway.
> 
> -- 
> Gustavo Niemeyer
> http://niemeyer.net
> 



Reply via email to