You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@zookeeper.apache.org by Andaka Mundaka <an...@gmail.com> on 2018/10/11 20:02:01 UTC

Which is the best option to secure the solr specific data in zookeeper?

Hi,

When the solr authentication is enabled, which is better to use ZK ACL or
enable authentication for the whole zookeeper itself? Or is their any other
better option?

Thanks,
Yamuna J

Re: Which is the best option to secure the solr specific data in zookeeper?

Posted by Norbert Kalmar <nk...@cloudera.com.INVALID>.

Hi,

I don't know how solr authentication from the viewpoint of ZooKeeper.
ACL makes sense to restrict the content solr cretes in ZooKeeper.

I'm not sure what you mean by enabling authentication for the whole
ZooKeeper?
ZK has server-to-server (quorum auth) and client-to-server mutual
authentication.
Looks like solr has org.apache.solr.common.cloud.SaslZkACLProvider, that's
basically the client authentication part in ZooKeeper, and you can use ACL.

Quorum authentication won't help you to protect your data from fraudulent
clients. That's just against fraudulent servers.

So my short answer is that ACL is the way to go when securing client data
is the question.

Regards,
Norbert