[
https://issues.apache.org/jira/browse/KAFKA-3396?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ismael Juma updated KAFKA-3396:
-------------------------------
Priority: Critical (was: Major)
> Unauthorized topics are returned to the user
> --------------------------------------------
>
> Key: KAFKA-3396
> URL: https://issues.apache.org/jira/browse/KAFKA-3396
> Project: Kafka
> Issue Type: Bug
> Components: security
> Affects Versions: 0.9.0.0, 0.10.0.0
> Reporter: Grant Henke
> Assignee: Edoardo Comar
> Priority: Critical
> Fix For: 0.10.1.0
>
>
> Kafka's clients and protocol exposes unauthorized topics to the end user.
> This is often considered a security hole. To some, the topic name is
> considered sensitive information. Those that do not consider the name
> sensitive, still consider it more information that allows a user to try and
> circumvent security. Instead, if a user does not have access to the topic,
> the servers should act as if the topic does not exist.
> To solve this some of the changes could include:
> - The broker should not return a TOPIC_AUTHORIZATION(29) error for
> requests (metadata, produce, fetch, etc) that include a topic that the user
> does not have DESCRIBE access to.
> - A user should not receive a TopicAuthorizationException when they do
> not have DESCRIBE access to a topic or the cluster.
> - The client should not maintain and expose a list of unauthorized
> topics in org.apache.kafka.common.Cluster.
> Other changes may be required that are not listed here. Further analysis is
> needed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
