Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Plain View
Kafka >> mail # user >> Securing kafka


+
Calvin Lei 2013-08-29, 17:03
+
Benjamin Black 2013-08-29, 17:10
+
Jay Kreps 2013-08-30, 00:14
+
Joe Stein 2013-08-30, 03:16
+
Rajasekar Elango 2013-08-30, 03:23
+
Joe Stein 2013-08-30, 03:33
Copy link to this message
-
Re: Securing kafka
No certificates are not per topic. It is for entire broker.

Thanks,
Raja.
On Thu, Aug 29, 2013 at 11:33 PM, Joe Stein <[EMAIL PROTECTED]> wrote:

> are the certificate stores by topic? very interesting!!! looking forward to
> trying it out and review it
>
> /*******************************************
>  Joe Stein
>  Founder, Principal Consultant
>  Big Data Open Source Security LLC
>  http://www.stealth.ly
>  Twitter: @allthingshadoop <http://www.twitter.com/allthingshadoop>
> ********************************************/
>
>
> On Thu, Aug 29, 2013 at 11:22 PM, Rajasekar Elango
> <[EMAIL PROTECTED]>wrote:
>
> > We have made changes to kafka code to support certificate based mutual
> SSL
> > authentication. So the clients and broker will exchange trusted
> > certificates for successful communication. This provides both
> > authentication and ssl encryption. Planning to contribute that code back
> to
> > kafka soon.
> >
> > Thanks,
> > Raja.
> >
> >
> > On Thu, Aug 29, 2013 at 11:16 PM, Joe Stein <[EMAIL PROTECTED]> wrote:
> >
> > > One use case I have been discussing recently with a few clients is
> > > verifying the digital signature of a message as part of the acceptance
> > > criteria of it being committed to the log and/or when it is consumed.
> > >
> > > I would be very interested in discussing different scenarios such as
> > Kafka
> > > as a service, privacy at rest as well as authorization and
> authentication
> > > (if required).
> > >
> > > Hit me up
> > >
> > > /*******************************************
> > >  Joe Stein
> > >  Founder, Principal Consultant
> > >  Big Data Open Source Security LLC
> > >  http://www.stealth.ly
> > >  Twitter: @allthingshadoop <http://www.twitter.com/allthingshadoop>
> > > ********************************************/
> > >
> > >
> > > On Thu, Aug 29, 2013 at 8:13 PM, Jay Kreps <[EMAIL PROTECTED]>
> wrote:
> > >
> > > > +1
> > > >
> > > > We don't have any application-level security at this time so the
> answer
> > > is
> > > > whatever you can do at the network/system level.
> > > >
> > > > -Jay
> > > >
> > > >
> > > > On Thu, Aug 29, 2013 at 10:09 AM, Benjamin Black <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > IP filters on the hosts.
> > > > > On Aug 29, 2013 10:03 AM, "Calvin Lei" <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > > Is there a way to stop a malicious user to connect directly to a
> > > kafka
> > > > > > broker and send any messages? Could we have the brokers to
> accept a
> > > > > message
> > > > > > to a list of know IPs?
> > > > > >
> > > > >
> > > >
> > >
> >
> >
> >
> > --
> > Thanks,
> > Raja.
> >
>

--
Thanks,
Raja.

 
+
Maxime Brugidou 2013-08-30, 12:25
+
Jay Kreps 2013-08-31, 01:04
+
Jason Rosenberg 2013-09-02, 20:14
+
Calvin Lei 2013-08-30, 22:23
+
Scott Clasen 2013-08-31, 00:11
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB