KIP-993 — Allow restricting files accessed by File and Directory ConfigProviders
Accepted Kafka 3.8 AdminSecurity
Adds an allowed.paths configuration to FileConfigProvider and DirectoryConfigProvider, restricting which filesystem paths those providers may read. In security-sensitive Connect deployments, unrestricted file access allows any connector configuration to read arbitrary files on the worker host.
Details
| Author | Gantigmaa Selenge |
| Status | Accepted |
| Kafka Version | 3.8 |
| JIRA | KAFKA-14822 |
| Wiki | View on Apache Wiki |
| Created | 2023-10-24 |
| Last Modified | 2023-12-19 |
Explore how this KIP affects the Kafka protocol in the Protocol Explorer, or see the full KIP database.