michaeljmarshall commented on PR #19455: URL: https://github.com/apache/pulsar/pull/19455#issuecomment-1457159677
@tuteng - the proxy is supposed to connect using one of the `proxyRoles` configured in the `broker.conf`. This is somewhat documented here https://pulsar.apache.org/docs/2.11.x/security-authorization/#proxy-roles. If the proxy connects with something other than a proxy role when using TLS authentication, only the proxy's role will be used to verify authorization, and that will likely result in accidental elevation of privileges. In my opinion, this is not a breaking change because it is preventing a state that shouldn't have existed in the first place. However, I guess that conclusion is up for debate. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
