Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How to use ACL authorisation mechanism of Zookeeper on dubbo

See original GitHub issue

For servers exposed on the public network, using registry centre of zookeeper without fitters, it exists the security issues that zookeeper can be registered by any sever.
Actually, third party agency also discovered the vulnerability via IP and port scanning. Using iptable can not be approved.
ACL authorisation mechanism of zookeeper (username: passwd) can deal with it, but I have no idea about how to use it on dubbo.
I have searched on Google and tried it (read source code and tried to make it), I got nothing useful and did not complete it. How can I deal with this issue by username and password? Thx~

References:
- 掃文資訊：分佈式服務Dubbo+Zookeeper安全認證
- 知乎：Zookeeper+dubbo，怎么设置安全认证？

Issue Analytics

State:
Created 6 years ago
Comments:6 (3 by maintainers)

Top GitHub Comments

2reactions

chickenljcommented, Jan 9, 2018

Currently, dubbo support digest ACL provided by zookeeper. And you must use curator, because zkclient don’t support zookeeper’s ACL.

0reactions

carryxyhcommented, Aug 10, 2018

Close it now. no more feedback

&READY-TO-CLOSE&

Top Results From Across the Web

[GitHub] carryxyh commented on issue #1179: How to use ACL ...

carryxyh commented on issue #1179: How to use ACL authorisation mechanism of Zookeeper on dubbo URL: ...

Access Control in Zookeeper Using ACLs - DataFlair

In order to control access to its ZNodes, ZooKeeper uses ACLs. However, the ZooKeeper ACL implementation is very much same as UNIX file...

ZooKeeper Administrator's Guide

New in 3.2: Enables a ZooKeeper ensemble administrator to access the znode hierarchy as a "super" user. In particular no ACL checking occurs...

apache zookeeper vulnerabilities and exploits - Vulmon

No authentication/authorization is enforced when a server attempts to join a quorum in Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta. As a ......

aes256 zookeeper - CSDN

ZOOKEEPER -1634 - A new feature proposal to ZooKeeper: authentication enforcement ... eager ACL checks of requests on local servers ZOOKEEPER-3423 - use...