[ https://issues.apache.org/jira/browse/KAFKA-5547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Gustafson resolved KAFKA-5547.
------------------------------------
       Resolution: Fixed
    Fix Version/s:     (was: 1.1.0)
                   1.0.0

Issue resolved by pull request 3924
[https://github.com/apache/kafka/pull/3924]

> Return topic authorization failed if no topic describe access
> -------------------------------------------------------------
>
>                 Key: KAFKA-5547
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5547
>             Project: Kafka
>          Issue Type: Improvement
>            Reporter: Jason Gustafson
>            Assignee: Manikumar
>              Labels: security, usability
>             Fix For: 1.0.0
>
>
> We previously made a change to several of the request APIs to return 
> UNKNOWN_TOPIC_OR_PARTITION if the principal does not have Describe access to 
> the topic. The thought was to avoid leaking information about which topics 
> exist. The problem with this is that a client which sees this error will just 
> keep retrying because it is usually treated as retriable. It seems, however, 
> that we could return TOPIC_AUTHORIZATION_FAILED instead and still avoid 
> leaking information as long as we ensure that the Describe authorization 
> check comes before the topic existence check. This would avoid the ambiguity 
> on the client.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
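
The check ordering described in the issue, as an added example that is not part of the original message and is not Kafka's broker code. It is a toy Python model that compares the error an unauthorized principal receives for an existing topic and for a missing one under each ordering. The topic names, principals, ACL set and helper functions are all constructed for illustration, and the retry set is a simplified stand-in for client behaviour.

```python
from enum import Enum

class Errors(Enum):
    NONE = "NONE"
    UNKNOWN_TOPIC_OR_PARTITION = "UNKNOWN_TOPIC_OR_PARTITION"
    TOPIC_AUTHORIZATION_FAILED = "TOPIC_AUTHORIZATION_FAILED"

# Simplified client model: only the unknown-topic error is retried.
RETRIABLE = {Errors.UNKNOWN_TOPIC_OR_PARTITION}

# Constructed sample state (hypothetical topics and principals).
TOPICS = {"payments", "audit-log"}
DESCRIBE_ACL = {("alice", "payments")}  # (principal, topic) pairs holding Describe

def authorized(principal, topic):
    return (principal, topic) in DESCRIBE_ACL

def describe_masked(principal, topic):
    """Earlier behaviour per the issue: a missing Describe ACL is reported as unknown topic."""
    if topic not in TOPICS or not authorized(principal, topic):
        return Errors.UNKNOWN_TOPIC_OR_PARTITION
    return Errors.NONE

def describe_existence_first(principal, topic):
    """Wrong ordering: existence is checked first, so the error code reveals it."""
    if topic not in TOPICS:
        return Errors.UNKNOWN_TOPIC_OR_PARTITION
    if not authorized(principal, topic):
        return Errors.TOPIC_AUTHORIZATION_FAILED
    return Errors.NONE

def describe_auth_first(principal, topic):
    """Ordering proposed in the issue: Describe check before the existence check."""
    if not authorized(principal, topic):
        return Errors.TOPIC_AUTHORIZATION_FAILED
    if topic not in TOPICS:
        return Errors.UNKNOWN_TOPIC_OR_PARTITION
    return Errors.NONE

def leaks_existence(handler, principal, existing, missing):
    """True if the principal gets different answers for an existing and a missing topic."""
    return handler(principal, existing) != handler(principal, missing)

def client_retries(error):
    return error in RETRIABLE

if __name__ == "__main__":
    for h in (describe_masked, describe_existence_first, describe_auth_first):
        err = h("mallory", "audit-log")
        leak = leaks_existence(h, "mallory", "audit-log", "no-such-topic")
        print(f"{h.__name__}: {err.value}, retries={client_retries(err)}, leaks={leak}")
```
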
