Another possible solution is to use stunnel to authenticate clients with a 
certificate.  It's a bit harder to spoof a certificate than an IP address.

-----Original Message-----
From: Benjamin Black [mailto:b...@b3k.us] 
Sent: Thursday, August 29, 2013 1:10 PM
To: users@kafka.apache.org
Subject: Re: Securing kafka

IP filters on the hosts.
On Aug 29, 2013 10:03 AM, "Calvin Lei" <ckp...@gmail.com> wrote:

> Is there a way to stop a malicious user to connect directly to a kafka 
> broker and send any messages? Could we have the brokers to accept a 
> message to a list of know IPs?
>

Reply via email to