[ https://issues.apache.org/jira/browse/KAFKA-2658?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14985663#comment-14985663 ]
Jun Rao commented on KAFKA-2658:
--------------------------------

[~rsivaram], we had a chat with a security consulting firm last week. It actually strongly discourages the support of SASL/PLAIN in Kafka. The main reason is that the plain password is not encrypted during the wire transfer and can create a security loophole. Instead, it's better to support CRAM-MD5, which is more secure. Given that, I don't think we can include this in 0.9.0.0.

> Implement SASL/PLAIN
> --------------------
>
>                 Key: KAFKA-2658
>                 URL: https://issues.apache.org/jira/browse/KAFKA-2658
>             Project: Kafka
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>            Priority: Critical
>             Fix For: 0.9.0.0
>
>
> KAFKA-1686 supports SASL/Kerberos using GSSAPI. We should enable more SASL
> mechanisms. SASL/PLAIN would enable a simpler use of SASL, which along with
> SSL provides a secure Kafka that uses username/password for client
> authentication.
> SASL/PLAIN protocol and its uses are described in
> [https://tools.ietf.org/html/rfc4616]. It is supported in Java.
> This should be implemented after KAFKA-1686. This task should also hopefully
> enable simpler unit testing of the SASL code.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
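The comment above contrasts SASL/PLAIN (RFC 4616), where the client sends the password itself, with CRAM-MD5 (RFC 2195), where the client sends an HMAC-MD5 over a server challenge, and the issue description notes that PLAIN is only reasonable when combined with SSL. The following added example is not code from Kafka or from this ticket; it encodes and parses the two SASL client messages with Python's standard library, shows which of them carries the clear-text password, and implements a small server-side policy (the `select_mechanism` function and the `transport_encrypted` flag are assumptions for illustration) that refuses to negotiate PLAIN unless the transport is already TLS-protected. The usernames, passwords and challenge are constructed sample values.

```python
import hashlib
import hmac
from typing import Callable, Iterable, Optional, Tuple


def plain_initial_response(authzid: str, authcid: str, passwd: str) -> bytes:
    """Build the SASL/PLAIN client message per RFC 4616: [authzid] NUL authcid NUL passwd."""
    for field in (authzid, authcid, passwd):
        if "\x00" in field:
            raise ValueError("NUL is the field separator and may not appear inside a field")
    return f"{authzid}\x00{authcid}\x00{passwd}".encode("utf-8")


def parse_plain_initial_response(msg: bytes) -> Tuple[str, str, str]:
    """Server side: split the PLAIN message and reject anything that is not exactly three fields."""
    parts = msg.split(b"\x00")
    if len(parts) != 3:
        raise ValueError("malformed PLAIN message: expected exactly two NUL separators")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    return authzid, authcid, passwd


def cram_md5_response(username: str, passwd: str, challenge: bytes) -> str:
    """Build the CRAM-MD5 client response per RFC 2195: username SP hex(HMAC-MD5(passwd, challenge))."""
    digest = hmac.new(passwd.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return f"{username} {digest}"


def cram_md5_verify(response: str, challenge: bytes,
                    lookup_secret: Callable[[str], Optional[str]]) -> bool:
    """Server side: recompute the HMAC from the stored secret and compare in constant time."""
    username, _, digest = response.rpartition(" ")
    secret = lookup_secret(username)
    if secret is None:
        return False
    expected = hmac.new(secret.encode("utf-8"), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def password_on_wire(mechanism: str, username: str, passwd: str, challenge: bytes) -> bool:
    """True if the bytes the client emits for this mechanism contain the clear-text password."""
    if mechanism == "PLAIN":
        wire = plain_initial_response("", username, passwd)
    elif mechanism == "CRAM-MD5":
        wire = cram_md5_response(username, passwd, challenge).encode("utf-8")
    else:
        raise ValueError(f"unsupported mechanism {mechanism}")
    return passwd.encode("utf-8") in wire


def select_mechanism(offered: Iterable[str], transport_encrypted: bool) -> Optional[str]:
    """Hypothetical server policy: PLAIN is only acceptable on a TLS-protected listener."""
    for mech in offered:
        if mech == "PLAIN" and not transport_encrypted:
            continue
        if mech in ("PLAIN", "CRAM-MD5"):
            return mech
    return None


if __name__ == "__main__":
    # Constructed sample credentials and challenge, not real values.
    challenge = b"<1234.5678@broker.example>"
    secrets = {"alice": "s3cret"}
    for mech in ("PLAIN", "CRAM-MD5"):
        print(mech, "exposes password on an unencrypted link:",
              password_on_wire(mech, "alice", "s3cret", challenge))
    resp = cram_md5_response("alice", "s3cret", challenge)
    print("CRAM-MD5 verifies:", cram_md5_verify(resp, challenge, secrets.get))
    print("plaintext listener negotiates:", select_mechanism(["PLAIN", "CRAM-MD5"], False))
    print("TLS listener negotiates:", select_mechanism(["PLAIN", "CRAM-MD5"], True))
```

Running the script shows that the PLAIN message literally contains the password while the CRAM-MD5 response contains only an HMAC over the challenge, and that the policy function falls back to CRAM-MD5 (or refuses) on an unencrypted listener. CRAM-MD5 still has its own trade-offs, notably that the server must hold a secret it can recompute the HMAC from, so the policy here only captures the wire-exposure point made in the comment.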