Home | About | Sematext search-lucene.com search-hadoop.com
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB
 Search Hadoop and all its subprojects:

Switch to Threaded View
Kafka >> mail # user >> Securing kafka


Copy link to this message
-
Re: Securing kafka
That's sounds very interesting. Looking forward to it!
On Aug 29, 2013 11:23 PM, "Rajasekar Elango" <[EMAIL PROTECTED]> wrote:

> We have made changes to kafka code to support certificate based mutual SSL
> authentication. So the clients and broker will exchange trusted
> certificates for successful communication. This provides both
> authentication and ssl encryption. Planning to contribute that code back to
> kafka soon.
>
> Thanks,
> Raja.
>
>
> On Thu, Aug 29, 2013 at 11:16 PM, Joe Stein <[EMAIL PROTECTED]> wrote:
>
> > One use case I have been discussing recently with a few clients is
> > verifying the digital signature of a message as part of the acceptance
> > criteria of it being committed to the log and/or when it is consumed.
> >
> > I would be very interested in discussing different scenarios such as
> Kafka
> > as a service, privacy at rest as well as authorization and authentication
> > (if required).
> >
> > Hit me up
> >
> > /*******************************************
> >  Joe Stein
> >  Founder, Principal Consultant
> >  Big Data Open Source Security LLC
> >  http://www.stealth.ly
> >  Twitter: @allthingshadoop <http://www.twitter.com/allthingshadoop>
> > ********************************************/
> >
> >
> > On Thu, Aug 29, 2013 at 8:13 PM, Jay Kreps <[EMAIL PROTECTED]> wrote:
> >
> > > +1
> > >
> > > We don't have any application-level security at this time so the answer
> > is
> > > whatever you can do at the network/system level.
> > >
> > > -Jay
> > >
> > >
> > > On Thu, Aug 29, 2013 at 10:09 AM, Benjamin Black <[EMAIL PROTECTED]> wrote:
> > >
> > > > IP filters on the hosts.
> > > > On Aug 29, 2013 10:03 AM, "Calvin Lei" <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > Is there a way to stop a malicious user to connect directly to a
> > kafka
> > > > > broker and send any messages? Could we have the brokers to accept a
> > > > message
> > > > > to a list of know IPs?
> > > > >
> > > >
> > >
> >
>
>
>
> --
> Thanks,
> Raja.
>

 
NEW: Monitor These Apps!
elasticsearch, apache solr, apache hbase, hadoop, redis, casssandra, amazon cloudwatch, mysql, memcached, apache kafka, apache zookeeper, apache storm, ubuntu, centOS, red hat, debian, puppet labs, java, senseiDB