ZOOKEEPER-5050. Enhance documentation of AdminServer to highlight security considerations #2389
anmolnar wants to merge 2 commits into
| > unless explicitly configured otherwise. By default, communication is **unencrypted (HTTP)** and **client authentication | ||
| > is disabled**. Most administrative commands can be executed by any client that can connect to the AdminServer. |
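Review bot: "Most administrative commands" in the last sentence leaves the reader guessing which commands are the exception. Either list the commands that are not open to any connecting client or link to the section that does, so an operator can tell exactly what an unauthenticated client on the network can reach.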
given these issues why wouldn't this be disabled by default?
| #### Default Security Posture | ||
|
|
||
| The default AdminServer configuration is intended for ease of use in trusted environments, but it is **not secure for |
shouldn't we err on the side of security instead? (see prev line comment)
| In addition, restrict access to the AdminServer port using firewall rules. | ||
|
|
||
| #### Disable the AdminServer If Not Needed |
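Review bot: The firewall sentence ("restrict access to the AdminServer port using firewall rules") names neither the port nor the setting that controls it. Stating the port setting and its default in this sentence would let an operator write the rule without searching the rest of the page, and it would help to say which sources should still be allowed (for example, only the hosts that run administrative tooling).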
we could flip this (see prev comments) and say to enable if needed?
It's not clear to me (and I don't see here nor in the referenced JIRA) why we wouldn't just flip this and disable by default, include the excellent new docs you've added, and put the burden on the user to ensure the requisite security enforcement prior to enabling/overriding? I think this would be fine and "backward compatible" given the user can make a change via config at runtime - we could include such details in the release notes.

@eolivelli PTAL.
No description provided.