Ashish K Singh created KAFKA-3221:
-------------------------------------

             Summary: kafka-acls.sh must verify if a user has sufficient privileges to perform acls CRUD
                 Key: KAFKA-3221
                 URL: https://issues.apache.org/jira/browse/KAFKA-3221
             Project: Kafka
          Issue Type: Improvement
            Reporter: Ashish K Singh
            Assignee: Ashish K Singh

kafka-acls.sh provides an insecure entry point to Kafka's authorization. No checks are performed or no user information is provided to the authorizer to validate a user before the user performs CRUD of acls. This is a security hole that must be addressed.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)