On Thu, Mar 10, 2022 at 12:26 PM Michael Marshall <mmarsh...@apache.org> wrote:
> > I believe we can address the risk by providing a switch to enable/disable
> > this feature.
>
> Would it be worth putting server side filtering behind a flag in the
> FeatureFlags protobuf message so that clients can still benefit from
> the new topic notifications and caching even if the client has to
> filter names itself?
Yes, that's a good point, though we don't need a feature flag for that. Simply, the broker would return a list marked as not-filtered. One other approach could be to detect "simple" regexes vs "complex" or "potentially malicious" regexes. E.g., simplifying a lot... if it only contains `.*` sequences we do server filtering, otherwise we fall back and let the client execute it.
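The "simple vs. complex regex" idea from the reply above, as an added illustration that is not code from the thread or from the Pulsar project. It is a Python sketch (the broker itself is Java) of a hypothetical classifier: a pattern made only of literal topic-name characters and `.*` wildcards is evaluated on the broker with a plain substring walk, so no general regex engine ever runs on untrusted input there; anything else is returned unfiltered with a `filtered=False` flag and the client applies the real regex. The topic names and the `filter_topics` / `client_side_filter` helper names are constructed for the example.

```python
import re
from typing import List, Tuple

# A "simple" pattern is a sequence of literal name characters and ".*" wildcards.
# Anything else (alternation, groups, nested quantifiers, bare "." or "*") is
# treated as complex and left for the client. Constructed for this example.
_SIMPLE_RE = re.compile(r'^(?:[A-Za-z0-9_\-/:]+|\.\*)+$')

# Constructed sample topic list standing in for what the broker would return.
TOPICS = [
    "persistent://public/default/orders-1",
    "persistent://public/default/orders-2",
    "persistent://public/default/payments",
    "persistent://tenant-a/ns/orders-archive",
]


def is_simple_regex(pattern: str) -> bool:
    """True when the pattern only contains literal characters and ".*" wildcards."""
    return _SIMPLE_RE.fullmatch(pattern) is not None


def simple_match(pattern: str, name: str) -> bool:
    """Match a simple pattern against a name without a regex engine.

    The pattern is split on ".*" into literal pieces; the first piece must be a
    prefix, the last a suffix, and the middle pieces must occur in order in
    between. This is the classic glob-style walk and runs in linear time.
    """
    pieces = pattern.split(".*")
    first, last = pieces[0], pieces[-1]
    if not name.startswith(first):
        return False
    if len(pieces) == 1:
        return name == first  # no wildcard at all: exact match
    pos = len(first)
    for piece in pieces[1:-1]:
        idx = name.find(piece, pos)
        if idx < 0:
            return False
        pos = idx + len(piece)
    # The suffix must start at or after the last consumed position so that
    # "a.*a" does not wrongly match the single-character name "a".
    return len(name) - len(last) >= pos and name.endswith(last)


def filter_topics(pattern: str, topics: List[str]) -> Tuple[List[str], bool]:
    """Broker side: filter only simple patterns; otherwise return everything
    and flag the list as not filtered."""
    if is_simple_regex(pattern):
        return [t for t in topics if simple_match(pattern, t)], True
    return list(topics), False


def client_side_filter(pattern: str, topics: List[str], filtered: bool) -> List[str]:
    """Client side: if the broker already filtered, trust the list; otherwise
    evaluate the full regex locally, where the user owns the CPU cost."""
    if filtered:
        return topics
    return [t for t in topics if re.fullmatch(pattern, t)]


if __name__ == "__main__":
    for pat in ["persistent://public/default/.*", ".*orders.*",
                "persistent://public/default/(orders|payments).*"]:
        served, flag = filter_topics(pat, TOPICS)
        print(pat, "-> broker filtered:", flag, client_side_filter(pat, served, flag))
```

The character class in `_SIMPLE_RE` is deliberately narrow; widening it (for example to allow an escaped dot) is where a real implementation would need care, because every character admitted there is evaluated on the broker.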