Re: [DISCUSS] KIP-587 Suppress detailed responses for handled exceptions in security-sensitive environments

2020-05-20 Thread Connor Penhale
Hi Chris, I agree that Connect shouldn't obtusely refuse operator-helpful information on known, handled exceptions. The situation you describe here feels like a great example. In cases like this, I would suggest printing the message, and in the field that would contain the stack trace, replacin

Re: [DISCUSS] KIP-587 Suppress detailed responses for handled exceptions in security-sensitive environments

2020-05-13 Thread Christopher Egerton
Hi Connor, I think this is really close but have one more thought. Uncaught exceptions in the REST API are different from exceptions that come about when tasks or connectors fail, and can be used for different purposes. Stack traces in 500 errors are probably only useful for the administrator of t

Re: [DISCUSS] KIP-587 Suppress detailed responses for handled exceptions in security-sensitive environments

2020-05-06 Thread Connor Penhale
Hi Chris, Apologies for the name confusion! I've been working with my customer sponsor over the last few weeks, and we finally have an answer regarding "only exceptions or all responses." This organization is really interested in removing stack traces from all responses, which will expand t

Re: [DISCUSS] KIP-587 Suppress detailed responses for handled exceptions in security-sensitive environments

2020-04-17 Thread Christopher Egerton
Hi Connor, That's great, but I think you may have mistaken Colin for me :) One more thing that should be addressed--the "public interfaces" section isn't just for Java interfaces, it's for any changes to any public part of Kafka that users and external developers interact with. As far as Connect

Re: [DISCUSS] KIP-587 Suppress detailed responses for handled exceptions in security-sensitive environments

2020-04-15 Thread Connor Penhale
Hi Chris, I can ask the customer if they can disclose any additional information. I provided the information around "PCI-DSS" to give the community a flavor of the type of environment the customer was operating in. The current mode is /not/ insecure, I would agree with this. I would be willing

Re: [DISCUSS] KIP-587 Suppress detailed responses for handled exceptions in security-sensitive environments

2020-04-15 Thread Colin McCabe
Hi Connor, I still would like to hear more about whether this feature is required for PCI-DSS or any other security certification. Nobody I talked to seemed to think that it was-- if there are certifications that would require this, it would be nice to know. However, I don't object to impleme

Re: [DISCUSS] KIP-587 Suppress detailed responses for handled exceptions in security-sensitive environments

2020-04-13 Thread Connor Penhale
Hi Chris! RE: SSL, indeed, the issue is not that the information is not encrypted, but that there is no authorization layer. I'll be sure to edit the KIP as we continue discussion! RE: the 200 response you highlighted, great catch! I'll work with my customer and get back to you on their audit

Re: [DISCUSS] KIP-587 Suppress detailed responses for handled exceptions in security-sensitive environments

2020-04-08 Thread Christopher Egerton
Hi Connor, Just a few more remarks! I noticed that you said "Kafka Connect was passing these exceptions without authentication." For what it's worth, the Connect REST API can be secured with TLS out-of-the-box by configuring the worker with the various ssl.* properties, but that doesn't provide a

Re: [DISCUSS] KIP-587 Suppress detailed responses for handled exceptions in security-sensitive environments

2020-04-08 Thread Connor Penhale
Hi All! Is there any additional feedback that the community can provide me on the KIP? Has anyone else run into requirements like this, or maybe my customer is the only one :)? If the scope looks good, is it time to call a vote? Or should I start porting my 2.0 code to 2.6 to show examples? Th

Re: [DISCUSS] KIP-587 Suppress detailed responses for handled exceptions in security-sensitive environments

2020-04-06 Thread Connor Penhale
Hi Colin, We did not find a specific security vulnerability. Our customer had auditors in their environment, and they identified Kafka Connect as out of compliance with their particular standards, something that happens all the time for REST-based applications. What these security auditors exp

Re: [DISCUSS] KIP-587 Suppress detailed responses for handled exceptions in security-sensitive environments

2020-04-03 Thread Colin McCabe
Also, if you do find a security issue, the process to follow is here: https://kafka.apache.org/project-security.html . best, Colin On Fri, Apr 3, 2020, at 14:20, Colin McCabe wrote: > Hi Connor, > > If we are putting security-sensitive information into REST responses, > that is a bug that nee

Re: [DISCUSS] KIP-587 Suppress detailed responses for handled exceptions in security-sensitive environments

2020-04-03 Thread Colin McCabe
Hi Connor, If we are putting security-sensitive information into REST responses, that is a bug that needs to be fixed, not worked around with a configuration option. Do you have an example of security-sensitive information appearing in the exception text? Why do you feel that PCI-DSS requires

Re: [DISCUSS] KIP-587 Suppress detailed responses for handled exceptions in security-sensitive environments

2020-04-03 Thread Connor Penhale
Hi Chris! Thanks for your feedback! I'll number my responses to your questions / thoughts. 1. Apologies on that lack of clarity! I settled on "Detailed exception information has been suppressed. Please see logs." (https://github.com/apache/kafka/pull/8355/files#diff-64c265986e7bbe40cdd79f831e96

Re: [DISCUSS] KIP-587 Suppress detailed responses for handled exceptions in security-sensitive environments

2020-04-02 Thread Christopher Egerton
Hi Connor, Great stuff! I generally like being able to see the stack trace of an exception directly via the REST API but can definitely understand the security concerns here. I've got a few questions/remarks about the KIP and would be interested in your thoughts: 1. The KIP mentions a SUPRESSED_E

[DISCUSS] KIP-587 Suppress detailed responses for handled exceptions in security-sensitive environments

2020-04-02 Thread Connor Penhale
Hello All! I’ve created the following KIP: https://cwiki.apache.org/confluence/display/KAFKA/KIP-587:+Suppress+detailed+responses+for+handled+exceptions+in+security-sensitive+environments The PR that originated this discussion is here: https://github.com/apache/kafka/pull/8355 It is based on