[
https://issues.apache.org/jira/browse/KAFKA-3396?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15300408#comment-15300408
]
ASF GitHub Bot commented on KAFKA-3396:
---------------------------------------
GitHub user edoardocomar opened a pull request:
https://github.com/apache/kafka/pull/1428
KAFKA-3396 : Unauthorized topics are returned to the user
Modified KafkaApis to return Errors.UNKNOWN_TOPIC_OR_PARTITION if
principal has no Describe access to topic
Unit tests expanded
Some paths cause the client to block due to bug
https://issues.apache.org/jira/browse/KAFKA-3727?filter=-2
tests work around this by executing in separate thread
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/edoardocomar/kafka KAFKA-3396
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/kafka/pull/1428.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #1428
----
commit 623f3ebd3ecca664a3b201fa86aa58964427f972
Author: Edoardo Comar <[email protected]>
Date: 2016-05-25T15:22:06Z
KAFKA-3396 : Unauthorized topics are returned to the user
Modified KafkaApis to return Errors.UNKNOWN_TOPIC_OR_PARTITION if
principal has no Describe access to topic
Unit tests expanded
Some paths cause the client to block due to bug
https://issues.apache.org/jira/browse/KAFKA-3727?filter=-2
tests work around this by executing in separate thread
----
> Unauthorized topics are returned to the user
> --------------------------------------------
>
> Key: KAFKA-3396
> URL: https://issues.apache.org/jira/browse/KAFKA-3396
> Project: Kafka
> Issue Type: Bug
> Components: security
> Affects Versions: 0.9.0.0, 0.10.0.0
> Reporter: Grant Henke
> Assignee: Edoardo Comar
> Fix For: 0.10.0.1
>
>
> Kafka's clients and protocol exposes unauthorized topics to the end user.
> This is often considered a security hole. To some, the topic name is
> considered sensitive information. Those that do not consider the name
> sensitive, still consider it more information that allows a user to try and
> circumvent security. Instead, if a user does not have access to the topic,
> the servers should act as if the topic does not exist.
> To solve this some of the changes could include:
> - The broker should not return a TOPIC_AUTHORIZATION(29) error for
> requests (metadata, produce, fetch, etc) that include a topic that the user
> does not have DESCRIBE access to.
> - A user should not receive a TopicAuthorizationException when they do
> not have DESCRIBE access to a topic or the cluster.
> - The client should not maintain and expose a list of unauthorized
> topics in org.apache.kafka.common.Cluster.
> Other changes may be required that are not listed here. Further analysis is
> needed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
