You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@zookeeper.apache.org by GitBox <gi...@apache.org> on 2022/01/07 23:20:10 UTC

[GitHub] [zookeeper] phunt commented on pull request #1785: ZOOKEEPER-4425: `snap` 4lw command enabling on demand snapshots

phunt commented on pull request #1785:
URL: https://github.com/apache/zookeeper/pull/1785#issuecomment-1007814494


   I have a concern about this change - tbh whether the feature should be supported at all. If you notice none of the existing 4lw allow changes to the "persistent" state of the service. This is on purpose. 4lw have no security - eg no authz. 4lw have been a source of security issues in the. past - in particular DOS attacks. eg https://issues.apache.org/jira/browse/ZOOKEEPER-2693
   see also
   https://issues.apache.org/jira/issues/?jql=project%20%3D%20ZOOKEEPER%20AND%20text%20~%20%224lw%20dos%22
   Please reconsider this feature, at least in the current form. Thx.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@zookeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org