You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@kafka.apache.org by "Mickael Maison (Jira)" <ji...@apache.org> on 2023/03/20 09:54:00 UTC
[jira] [Created] (KAFKA-14822) Allow restricting File and Directory ConfigProviders to specific paths
Mickael Maison created KAFKA-14822:
--------------------------------------
Summary: Allow restricting File and Directory ConfigProviders to specific paths
Key: KAFKA-14822
URL: https://issues.apache.org/jira/browse/KAFKA-14822
Project: Kafka
Issue Type: Improvement
Reporter: Mickael Maison
Assignee: Mickael Maison
In sensitive environments, it would be interesting to be able to restrict the files that can be accessed by the built-in configuration providers.
For example:
config.providers=directory
config.providers.directory.class=org.apache.kafka.connect.configs.DirectoryConfigProvider
config.providers.directory.path=/var/run
Then if a caller tries to access another path, for example
ssl.keystore.password=${directory:/etc/passwd:keystore-password}
it would be rejected.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)