Thanks for your review. Would it be better to change the title to “Modify JAAS” logic?
Chia-Ping Tsai <chia7...@apache.org> 于2025年3月6日周四 16:32写道: > hi Xuan-Zhang > > Thanks for this kip. Please take a look at following questions. > > cp00: > the description "(optional) we can deprecate > `org.apache.kafka.disallowed.login.m ..." seems be a little weird to me, > since we normally introduce a new config and deprecate the old one at the > same time. > > cp01: > could you please add the default allowed lists to the KIP? > > cp02: > blacklist -> disallowed list > > thanks, > chia-ping > > > On 2025/02/20 05:55:39 龚宣璋 wrote: > > Hey all, > > > > I would like to discuss a proposal regarding the JAAS-related processes. > > After some consideration, I believe we should adopt the approach of using > > an “allow-list” to filter modules, rather than relying on a > “disallow-list.” > > > > Although this KIP is simple, I believe it offers significant value in > terms > > of both security and efficiency. By focusing on what is allowed rather > than > > what is denied, we can better control and ensure trusted modules are the > > only ones in use. > > > > Thanks! > > > > KIP: > > > https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=340037077 > > JIRA: > > https://issues.apache.org/jira/browse/KAFKA-18627 > > > > -- > > Best, > > Xuan-Zhang Gong > > >
