You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@kafka.apache.org by Joe San <co...@gmail.com> on 2017/06/23 08:10:37 UTC
Exposing Kafka Topic to External Parties
Dear Kafka Users,
Would you consider it a good practice to expose the Kafka topic directly to
a 3rd party application? While doing this, I need to satisfy the following:
1. I will have say 10 topics and I would need to make sure that only
authorized parties are able to write into the Topic
2. If I use certificates (2 way trust), would this mean that when I add new
broker nodes, I need to make sure that the new certificates are shared with
all the 3rd parties and their certificates being installed on my new broker
node?
3. Since I'm exposing my topic directly, a naughty 3rd party could play
around and might eventually case a DoS attack?
Thanks,
Joe
Re: Exposing Kafka Topic to External Parties
Posted by Joe San <co...@gmail.com>.
So is it in general a good idea to ask my clients who are out of my IT
infrastructure to directly write to my Topic? I'm seeing this as an
anti-pattern. What do you guys think?
On Mon, Jun 26, 2017 at 8:15 PM, Samuel Taylor <st...@square-root.com>
wrote:
> Hi Joe,
>
> For #2, if brokers and clients trust a certain certificate authority (CA),
> you should be able to just sign a new certificate with that CA (without
> having to explicitly share said cert with all parties).
>
> - Samuel
>
> On Fri, Jun 23, 2017 at 3:10 AM, Joe San <co...@gmail.com> wrote:
>
> > Dear Kafka Users,
> >
> > Would you consider it a good practice to expose the Kafka topic directly
> to
> > a 3rd party application? While doing this, I need to satisfy the
> following:
> >
> > 1. I will have say 10 topics and I would need to make sure that only
> > authorized parties are able to write into the Topic
> >
> > 2. If I use certificates (2 way trust), would this mean that when I add
> new
> > broker nodes, I need to make sure that the new certificates are shared
> with
> > all the 3rd parties and their certificates being installed on my new
> broker
> > node?
> >
> > 3. Since I'm exposing my topic directly, a naughty 3rd party could play
> > around and might eventually case a DoS attack?
> >
> > Thanks,
> > Joe
> >
>
Re: Exposing Kafka Topic to External Parties
Posted by Samuel Taylor <st...@square-root.com>.
Hi Joe,
For #2, if brokers and clients trust a certain certificate authority (CA),
you should be able to just sign a new certificate with that CA (without
having to explicitly share said cert with all parties).
- Samuel
On Fri, Jun 23, 2017 at 3:10 AM, Joe San <co...@gmail.com> wrote:
> Dear Kafka Users,
>
> Would you consider it a good practice to expose the Kafka topic directly to
> a 3rd party application? While doing this, I need to satisfy the following:
>
> 1. I will have say 10 topics and I would need to make sure that only
> authorized parties are able to write into the Topic
>
> 2. If I use certificates (2 way trust), would this mean that when I add new
> broker nodes, I need to make sure that the new certificates are shared with
> all the 3rd parties and their certificates being installed on my new broker
> node?
>
> 3. Since I'm exposing my topic directly, a naughty 3rd party could play
> around and might eventually case a DoS attack?
>
> Thanks,
> Joe
>