You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by "Michael Han (JIRA)" <ji...@apache.org> on 2017/03/13 16:22:04 UTC

[jira] [Updated] (ZOOKEEPER-2097) Clarify security requirement for Exists request

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-2097?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Han updated ZOOKEEPER-2097:
-----------------------------------
    Fix Version/s:     (was: 3.5.3)
                   3.5.4

> Clarify security requirement for Exists request
> -----------------------------------------------
>
>                 Key: ZOOKEEPER-2097
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2097
>             Project: ZooKeeper
>          Issue Type: Task
>    Affects Versions: 3.4.6, 3.5.0
>            Reporter: Ian Dimayuga
>            Assignee: Ian Dimayuga
>            Priority: Minor
>             Fix For: 3.5.4, 3.6.0
>
>         Attachments: ZOOKEEPER-2097.patch
>
>
> According to the [Programmer's Guide|http://zookeeper.apache.org/doc/current/zookeeperProgrammers.html]:
> bq. Everyone implicitly has LOOKUP permission. This allows you to stat a node, but nothing more. (The problem is, if you want to call zoo_exists() on a node that doesn't exist, there is no permission to check.)
> This implies that Exists has no security requirement, so the existing comment in FinalRequestProcessor
> {code}// TODO we need to figure out the security requirement for this!{code}
> can be removed.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)