Build failed in Jenkins: pulsar-website-build #521

2019-01-09 Thread Apache Jenkins Server
See Changes: [mmerli] bump mac pulsar c++ client version to 2.2.1 (#3329) [mmerli] Fix consumer stats log error. (#3327) [mmerli] Some settings of WebSocket proxy are not effective (#3328) [github] timeout

Re: What is the point of proxy level authorization?

2019-01-09 Thread Ivan Kelly
> Assume a role/principal R has permissions to produce on a namespace. If > we don't authenticate at the proxy then anyone (attacker) can say that they > belong to role R and connect to the proxy, the proxy will forward the role > name to the broker which will authorize it and allow access. Ins

Re: What is the point of proxy level authorization?

2019-01-09 Thread Jai Asher
Ideally, it's better if we can authorize at proxy level and reject all unauthorized connections before connecting to the broker - lesser chances of broker being Dos’d. However in order to authorize a role, we needed access to zookeeper, connection to zookeeper was something we wanted to avoid for

Re: What is the point of proxy level authorization?

2019-01-09 Thread Ivan Kelly
This could be sidestepped by having a rest endpoint to ask whether role R has access to resource X. In fact, it looks like if you give the proxy access to ZK, then ZK can be dos'd via the proxy. -Ivan On Wed, Jan 9, 2019 at 4:32 PM Jai Asher wrote: > > Ideally, it's better if we can authorize a

Re: What is the point of proxy level authorization?

2019-01-09 Thread Matteo Merli
On Wed, Jan 9, 2019 at 8:24 AM Ivan Kelly wrote: > This could be sidestepped by having a rest endpoint to ask whether > role R has access to resource X. > > In fact, it looks like if you give the proxy access to ZK, then ZK can > be dos'd via the proxy. > The ACLs are cached locally though (and