Hello,
Out of the box, ZooKeeper as part of XAP is started without any security. Anybody could connect to the default port 2181 and execute any operation, including deleting the whole directory or writing wrong information. The attacker just needs to download a standard ZooKeeper tarball, start the command-line client and connect to the right port.
I consider this to be a very high security risk as an attacker could easily destroy the complete grid lookup infrastructure. Do you agree with my assessment?
If my assessment is right, could you please provide a guide on how to manually secure ZooKeeper as part of XAP, as long as sufficient security is not provided out of the box?