KIP-587 — Suppress detailed responses for handled exceptions in security-sensitive environments
Discussion Connect Security
Introduces a `rest.extension.classes` configuration option for Kafka Connect workers that enables pluggable REST extensions, and specifically adds a mode to suppress exception stack traces and detailed error messages from Connect REST API responses in security-sensitive deployments. Detailed exception messages in REST responses risk leaking internal system information, violating security policies that require information minimization in API error bodies.
Details
| Author | Connor Penhale |
| Status | Discussion |
| JIRA | KAFKA-9766 |
| Created | 2020-04-02 |
| Last Modified | 2020-05-06 |