Hi everyone,
The current ACL functionality in Kafka is a bit limited concerning
host-based rules when specifying multiple hosts. A common scenario for
this would be that if you have a YARN cluster running Spark jobs that
access Kafka and want to create ACLs based on the IP addresses of the
cluster nod
Hi Sonke,
IP address based security doesn't really work, though. Users can spoof IP
addresses. They can poison the ARP cache on a local network, or impersonate a
DNS server.
For users who want some access controls, but don't care about security, maybe
we should make it easier to use and crea
Hi Colin,
I agree with you on the fact that IP based security is not absolute. I was
considering it as an additional layer of security to be used in conjunction
with SSL certificates, so the rule would contain both the principal and
some hosts. This way if someone manages to obtain the certificate
Regardless of our personal opinions about security, the fact is that Kafka
right now has "limit access by IP" functionality (as does MySQL, for
instance). And the usability of the feature is limited by the fact that you
can only manage one IP at a time, while in the real world applications
normally have