[ https://issues.apache.org/jira/browse/KAFKA-5547?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16108674#comment-16108674 ]
huxihx commented on KAFKA-5547:
-------------------------------

[~hachikuji] A quick question, please. Why does the check order matter? Why can't we simply throw TOPIC_AUTHORIZATION_FAILED for those topics for which the principal is not authorized for `Describe`?

> Return topic authorization failed if no topic describe access
> -------------------------------------------------------------
>
>                 Key: KAFKA-5547
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5547
>             Project: Kafka
>          Issue Type: Improvement
>            Reporter: Jason Gustafson
>              Labels: security, usability
>             Fix For: 1.0.0
>
>
> We previously made a change to several of the request APIs to return
> UNKNOWN_TOPIC_OR_PARTITION if the principal does not have Describe access to
> the topic. The thought was to avoid leaking information about which topics
> exist. The problem with this is that a client which sees this error will just
> keep retrying because it is usually treated as retriable. It seems, however,
> that we could return TOPIC_AUTHORIZATION_FAILED instead and still avoid
> leaking information as long as we ensure that the Describe authorization
> check comes before the topic existence check. This would avoid the ambiguity
> on the client.

--
This message was sent by Atlassian JIRA
(v6.4.14#64029)