You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2019/08/23 04:05:49 UTC
[GitHub] [pulsar] Monica-zy commented on a change in pull request #5014:
[doc] Improve Pulsar Security Overview
Monica-zy commented on a change in pull request #5014: [doc] Improve Pulsar Security Overview
URL: https://github.com/apache/pulsar/pull/5014#discussion_r316967689
##########
File path: site2/docs/security-overview.md
##########
@@ -4,28 +4,23 @@ title: Pulsar Security Overview
sidebar_label: Overview
---
-Apache Pulsar is the central message bus for a business. It is frequently used to store mission-critical data, and therefore enabling security features are crucial.
+As the central message bus for a business, Apache Pulsar is frequently used for storing mission-critical data. Therefore, enabling security features in Pulsar is crucial.
-By default, there is no encryption, authentication, or authorization configured. Any client can communicate to Apache Pulsar via plain text service urls.
-It is critical that access via these plain text service urls is restricted to trusted clients only. Network segmentation and/or authorization ACLs can be used
-to restrict access to trusted IPs in such cases. If neither is used, the cluster is wide open and can be accessed by anyone.
+By default, Pulsar configures no encryption, authentication, or authorization. Any client can communicate to Apache Pulsar via plain text service urls. So we must ensure that Pulsar accessing via these plain text service urls is restricted to trusted clients only. In such cases, you can use Network segmentation and/or authorization ACLs to restrict access to trusted IPs. If you use neither, the state of cluster is wide open and anyone can access the cluster.
-Pulsar supports a pluggable authentication mechanism that Pulsar clients can use to authenticate with brokers and proxies. Pulsar
-can also be configured to support multiple authentication sources.
+Pulsar supports a pluggable authentication mechanism. And Pulsar clients use this mechanism to authenticate with brokers and proxies. You can also configure Pulsar to support multiple authentication sources.
-It is strongly recommended to secure the service components in your Apache Pulsar deployment.
+You'd better secure the service components in your Apache Pulsar deployment.
## Role Tokens
-In Pulsar, a *role* is a string, like `admin` or `app1`, that can represent a single client or multiple clients. Roles are used to control permission for clients
-to produce or consume from certain topics, administer the configuration for tenants, and more.
+In Pulsar, a *role* is a string, like `admin` or `app1`, which can represent one or more clients. You can use roles to control permission for clients to produce or consume from certain topics, administer the configuration for tenants, and so on.
-Apache Pulsar uses a [Authentication Provider](#authentication-providers) to establish the identity of a client and then assign that client a *role token*. This
-role token is then used for [Authorization and ACLs](security-authorization.md) to determine what the client is authorized to do.
+Apache Pulsar uses the [Authentication Provider](#authentication-providers) to establish the identity of a client and then assign a *role token* to that client. This role token is then used for [Authorization and ACLs](security-authorization.md) to determine what the client is authorized to do.
## Authentication Providers
-Currently Pulsar supports two authentication providers:
+Currently Pulsar supports three authentication providers:
Review comment:
Ok, like this?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services