[jira] [Commented] (KAFKA-3396) Unauthorized topics are returned to the user

Fri, 30 Sep 2016 23:54:07 -0700 

    [ 
https://issues.apache.org/jira/browse/KAFKA-3396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15538039#comment-15538039
 ] 

ASF GitHub Bot commented on KAFKA-3396:
---------------------------------------

GitHub user hachikuji opened a pull request:

    https://github.com/apache/kafka/pull/1946

    MINOR: Follow-up minor improvements/cleanup for KAFKA-3396

    

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/hachikuji/kafka followup-for-kafka-3396

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/kafka/pull/1946.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1946
    
----
commit efd843430651aacc90d3d2b4c7f3d635416c24be
Author: Jason Gustafson <ja...@confluent.io>
Date:   2016-10-01T05:42:22Z

    MINOR: Follow-up minor improvements/cleanup for KAFKA-3396

----


> Unauthorized topics are returned to the user
> --------------------------------------------
>
>                 Key: KAFKA-3396
>                 URL: https://issues.apache.org/jira/browse/KAFKA-3396
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 0.9.0.0, 0.10.0.0
>            Reporter: Grant Henke
>            Assignee: Edoardo Comar
>            Priority: Critical
>             Fix For: 0.10.1.0
>
>
> Kafka's clients and protocol exposes unauthorized topics to the end user. 
> This is often considered a security hole. To some, the topic name is 
> considered sensitive information. Those that do not consider the name 
> sensitive, still consider it more information that allows a user to try and 
> circumvent security.  Instead, if a user does not have access to the topic, 
> the servers should act as if the topic does not exist. 
> To solve this some of the changes could include:
>       - The broker should not return a TOPIC_AUTHORIZATION(29) error for 
> requests (metadata, produce, fetch, etc) that include a topic that the user 
> does not have DESCRIBE access to.
>       - A user should not receive a TopicAuthorizationException when they do 
> not have DESCRIBE access to a topic or the cluster.
>      - The client should not maintain and expose a list of unauthorized 
> topics in org.apache.kafka.common.Cluster. 
> Other changes may be required that are not listed here. Further analysis is 
> needed. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to