You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "Michael Han (JIRA)" <ji...@apache.org> on 2017/03/13 16:22:04 UTC
[jira] [Updated] (ZOOKEEPER-2097) Clarify security requirement for
Exists request
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2097?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Michael Han updated ZOOKEEPER-2097:
-----------------------------------
Fix Version/s: (was: 3.5.3)
3.5.4
> Clarify security requirement for Exists request
> -----------------------------------------------
>
> Key: ZOOKEEPER-2097
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2097
> Project: ZooKeeper
> Issue Type: Task
> Affects Versions: 3.4.6, 3.5.0
> Reporter: Ian Dimayuga
> Assignee: Ian Dimayuga
> Priority: Minor
> Fix For: 3.5.4, 3.6.0
>
> Attachments: ZOOKEEPER-2097.patch
>
>
> According to the [Programmer's Guide|http://zookeeper.apache.org/doc/current/zookeeperProgrammers.html]:
> bq. Everyone implicitly has LOOKUP permission. This allows you to stat a node, but nothing more. (The problem is, if you want to call zoo_exists() on a node that doesn't exist, there is no permission to check.)
> This implies that Exists has no security requirement, so the existing comment in FinalRequestProcessor
> {code}// TODO we need to figure out the security requirement for this!{code}
> can be removed.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)