kafka-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jay Kreps <jay.kr...@gmail.com>
Subject Re: Quick question regarding kafka broker security
Date Fri, 07 Dec 2012 22:58:45 GMT
We would be interested in doing a similar thing--basically implementing ssl
for socket connections. These might be on a special SSL port, and would
begin with the SSL handshake. We haven't done any real research on how this
might work.

Be aware, also, that without zk being secure there are other potential
problems.

For folks who want something now you can do a fair amount at the network
layer but you obviously have all-or-nothing access there.

-Jay


On Fri, Dec 7, 2012 at 1:53 PM, Subhash Agrawal <sagrawal@actuate.com>wrote:

> Hi All,
>
> I am new to Kafka broker and realized that Kafka broker does not enforce
> client authentication at connection or message level.
> To avoid DOS attack, we are planning to implement security certificate at
> client connection level, not at message level,  so that
> we can authenticate client connection before accepting messages.
>
> Can you guys share your thoughts about this idea if it will be feasible
> without impacting system throughput?
>
> Thanks
> Subhash A.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message