We would be interested in doing a similar thing--basically implementing ssl for socket connections. These might be on a special SSL port, and would begin with the SSL handshake. We haven't done any real research on how this might work.
Be aware, also, that without zk being secure there are other potential problems. For folks who want something now you can do a fair amount at the network layer but you obviously have all-or-nothing access there. -Jay On Fri, Dec 7, 2012 at 1:53 PM, Subhash Agrawal <sagra...@actuate.com>wrote: > Hi All, > > I am new to Kafka broker and realized that Kafka broker does not enforce > client authentication at connection or message level. > To avoid DOS attack, we are planning to implement security certificate at > client connection level, not at message level, so that > we can authenticate client connection before accepting messages. > > Can you guys share your thoughts about this idea if it will be feasible > without impacting system throughput? > > Thanks > Subhash A. >
