You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@storm.apache.org by "Robert Joseph Evans (JIRA)" <ji...@apache.org> on 2014/02/07 17:48:24 UTC
[jira] [Updated] (STORM-224) Storm should use stricter ACLs within
zookeeper
[ https://issues.apache.org/jira/browse/STORM-224?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Joseph Evans updated STORM-224:
--------------------------------------
Summary: Storm should use stricter ACLs within zookeeper (was: Storm should use stricter ACLs whin zookeeper)
> Storm should use stricter ACLs within zookeeper
> -----------------------------------------------
>
> Key: STORM-224
> URL: https://issues.apache.org/jira/browse/STORM-224
> Project: Apache Storm (Incubating)
> Issue Type: Sub-task
> Reporter: Robert Joseph Evans
>
> In a stand alone environment storm stores everything wide open in ZK. We really should lock this down with ACLs so that individual topologies cannot modify data that the storm system uses, and so that other topologies cannot modify/interfere with each other.
> The current code from Yahoo will generate a random username/password for each topology that is launched. This works great for most topologies, but for trident topologies because they store long lived data in ZK the user has to keep the credentials around themselves. We would love to switch ZK access over to use a forwarded TGT, but have not finished the work to do this yet.
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)