You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "maoling (Jira)" <ji...@apache.org> on 2020/03/31 10:34:00 UTC
[jira] [Commented] (ZOOKEEPER-3185) After the skipACL flag is
opened, the acl of the created node becomes 'auth,'. This will cause the
node to be unreadable after closing the skipACL.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3185?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17071662#comment-17071662 ]
maoling commented on ZOOKEEPER-3185:
------------------------------------
When users setAcl with skipAcl=yes, throw an exception to forbid it?
When users have a *superDigest*(that is a good practice), this issue seems not a big problem.
> After the skipACL flag is opened, the acl of the created node becomes 'auth,'. This will cause the node to be unreadable after closing the skipACL.
> ---------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-3185
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3185
> Project: ZooKeeper
> Issue Type: Bug
> Components: security, server
> Affects Versions: 3.4.12
> Reporter: ZHU CHONG
> Priority: Major
>
> 1、
> Modify configuration file zoo.cfg,set skipACL=yes.
> 2、
> create /test null digest:test:ooOS6Ac+VQuWIVe96Ts+Phqg0LU=:cdrwa
> 123 is password ,ooOS6Ac+VQuWIVe96Ts+Phqg0LU= is ciphertext
> 3、
> getAcl /test
> 'auth,'
> : cdrwa
> 4、
> Modify configuration file zoo.cfg,set skipACL=no.
> 5、
> addauth digest test:123
> 6、
> get /test
> Authentication is not valid : /test
--
This message was sent by Atlassian Jira
(v8.3.4#803005)