Grant Henke created KAFKA-3396: ---------------------------------- Summary: Unauthorized topics are returned to the user Key: KAFKA-3396 URL: https://issues.apache.org/jira/browse/KAFKA-3396 Project: Kafka Issue Type: Bug Reporter: Grant Henke
Kafka's clients and protocol exposes unauthorized topics to the end user. This is often considered a security hole. To some, the topic name is considered sensitive information. Those that do not consider the name sensitive, still consider it more information that allows a user to try and circumvent security. Instead, if a user does not have access to the topic, the servers should act as if the topic does not exist. To solve this some of the changes could include: - The broker should not return a TOPIC_AUTHORIZATION(29) error for requests (metadata, produce, fetch, etc) that include a topic that the user does not have DESCRIBE access to. - A user should not receive a TopicAuthorizationException when they do not have DESCRIBE access to a topic or the cluster. - The client should not maintain and expose a list of unauthorized topics in org.apache.kafka.common.Cluster. Other changes may be required that are not listed here. Further analysis is needed. -- This message was sent by Atlassian JIRA (v6.3.4#6332)