Hi Xuan-Zhang,

Thanks for this KIP. Please take a look at the following questions.

cp00: the description "(optional) we can deprecate `org.apache.kafka.disallowed.login.m ..." seems to be a little weird to me, since we normally introduce a new config and deprecate the old one at the same time.

cp01: could you please add the default allowed lists to the KIP?

cp02: blacklist -> disallowed list

Thanks,
Chia-Ping

On 2025/02/20 05:55:39 龚宣璋 wrote:
> Hey all,
>
> I would like to discuss a proposal regarding the JAAS-related processes.
> After some consideration, I believe we should adopt the approach of using
> an “allow-list” to filter modules, rather than relying on a “disallow-list.”
>
> Although this KIP is simple, I believe it offers significant value in terms
> of both security and efficiency. By focusing on what is allowed rather than
> what is denied, we can better control and ensure trusted modules are the
> only ones in use.
>
> Thanks!
>
> KIP:
> https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=340037077
> JIRA:
> https://issues.apache.org/jira/browse/KAFKA-18627
>
> --
> Best,
> Xuan-Zhang Gong
>