[ https://issues.apache.org/jira/browse/KAFKA-5547?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ismael Juma updated KAFKA-5547: ------------------------------- Labels: security usability (was: ) > Return topic authorization failed if no topic describe access > ------------------------------------------------------------- > > Key: KAFKA-5547 > URL: https://issues.apache.org/jira/browse/KAFKA-5547 > Project: Kafka > Issue Type: Improvement > Reporter: Jason Gustafson > Labels: security, usability > Fix For: 0.11.1.0 > > > We previously made a change to several of the request APIs to return > UNKNOWN_TOPIC_OR_PARTITION if the principal does not have Describe access to > the topic. The thought was to avoid leaking information about which topics > exist. The problem with this is that a client which sees this error will just > keep retrying because it is usually treated as retriable. It seems, however, > that we could return TOPIC_AUTHORIZATION_FAILED instead and still avoid > leaking information as long as we ensure that the Describe authorization > check comes before the topic existence check. This would avoid the ambiguity > on the client. -- This message was sent by Atlassian JIRA (v6.4.14#64029)