[
https://issues.apache.org/jira/browse/KAFKA-1810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14362217#comment-14362217
]
Jeff Holoman commented on KAFKA-1810:
-------------------------------------
Updated reviewboard https://reviews.apache.org/r/29714/diff/
against branch origin/trunk
> Add IP Filtering / Whitelists-Blacklists
> -----------------------------------------
>
> Key: KAFKA-1810
> URL: https://issues.apache.org/jira/browse/KAFKA-1810
> Project: Kafka
> Issue Type: New Feature
> Components: core, network, security
> Reporter: Jeff Holoman
> Assignee: Jeff Holoman
> Priority: Minor
> Fix For: 0.8.3
>
> Attachments: KAFKA-1810.patch, KAFKA-1810_2015-01-15_19:47:14.patch,
> KAFKA-1810_2015-03-15_01:13:12.patch
>
>
> While longer-term goals of security in Kafka are on the roadmap there exists
> some value for the ability to restrict connection to Kafka brokers based on
> IP address. This is not intended as a replacement for security but more of a
> precaution against misconfiguration and to provide some level of control to
> Kafka administrators about who is reading/writing to their cluster.
> 1) In some organizations software administration vs o/s systems
> administration and network administration is disjointed and not well
> choreographed. Providing software administrators the ability to configure
> their platform relatively independently (after initial configuration) from
> Systems administrators is desirable.
> 2) Configuration and deployment is sometimes error prone and there are
> situations when test environments could erroneously read/write to production
> environments
> 3) An additional precaution against reading sensitive data is typically
> welcomed in most large enterprise deployments.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
