Grant Henke created KAFKA-3396:
----------------------------------
Summary: Unauthorized topics are returned to the user
Key: KAFKA-3396
URL: https://issues.apache.org/jira/browse/KAFKA-3396
Project: Kafka
Issue Type: Bug
Reporter: Grant Henke
Kafka's clients and protocol exposes unauthorized topics to the end user. This
is often considered a security hole. To some, the topic name is considered
sensitive information. Those that do not consider the name sensitive, still
consider it more information that allows a user to try and circumvent security.
Instead, if a user does not have access to the topic, the servers should act
as if the topic does not exist.
To solve this some of the changes could include:
- The broker should not return a TOPIC_AUTHORIZATION(29) error for
requests (metadata, produce, fetch, etc) that include a topic that the user
does not have DESCRIBE access to.
- A user should not receive a TopicAuthorizationException when they do
not have DESCRIBE access to a topic or the cluster.
- The client should not maintain and expose a list of unauthorized topics
in org.apache.kafka.common.Cluster.
Other changes may be required that are not listed here. Further analysis is
needed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
