[jira] [Updated] (KAFKA-3221) kafka-acls.sh must verify if a user has sufficient privileges to perform acls CRUD

Ashish K Singh (JIRA) Mon, 08 Feb 2016 15:02:31 -0800

     [ 
https://issues.apache.org/jira/browse/KAFKA-3221?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Ashish K Singh updated KAFKA-3221:
----------------------------------
    Affects Version/s: 0.9.0.0

> kafka-acls.sh must verify if a user has sufficient privileges to perform acls 
> CRUD
> ----------------------------------------------------------------------------------
>
>                 Key: KAFKA-3221
>                 URL: https://issues.apache.org/jira/browse/KAFKA-3221
>             Project: Kafka
>          Issue Type: Improvement
>    Affects Versions: 0.9.0.0
>            Reporter: Ashish K Singh
>            Assignee: Ashish K Singh
>
> kafka-acls.sh provides an insecure entry point to Kafka's authorization. No 
> checks are performed or no user information is provided to authorizer to 
> validate a user, before the user performs CRUD of acls. This is a security 
> hole that must be addressed.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (KAFKA-3221) kafka-acls.sh must verify if a user has sufficient privileges to perform acls CRUD

Reply via email to