search

dspeterson / dory

Producer daemon for Apache Kafka
Other
70 stars 12 forks source link

Security #18

Open MrMoronIV opened 5 years ago

MrMoronIV commented 5 years ago

Does dory support the security mechanisms of kafka?

Like mentioned here: https://kafka.apache.org/documentation/#security

Something like: SASL/PLAIN - starting at version 0.10.0.0 SASL/SCRAM-SHA-256 and SASL/SCRAM-SHA-512 - starting at version 0.10.2.0 Encryption and Authentication using SSL

dspeterson commented 5 years ago

That's another item on my to-do list. I'd definitely like to add support for TLS/SSL and SASL, but I haven't yet found the time to do it. I welcome contributions if you're so inclined ;-)

MrMoronIV commented 5 years ago

Yeah I've never written C so I'm afraid that won't be a smart move, unfortunately (i was truly considering it).

The reason that I'm so interested in dory is because it makes so much sense to push events that come from PHP scripts to an external process so it doesn't affect page loads and user experience. I'm thinking about writing a standalone php daemon but it would do what dory does but probably less efficient (since not in C).

Also, as far as my google skills go (unless you know better), dory is the only producer that takes messages via a socket and takes care of all the work. Why dory is alone in this approach is a total mystery to me since it makes so much sense to outsource delivery from any programming language to an external program. and writing to a socket is ten times easier than reinventing what dory already does in that specific language. I also use nodejs so that would mean an easy push to a socket instead of writing a complete robust client in nodejs.

So yeah, maybe I'm missing something here, but to me, the approach dory takes should be the default approach to producing kafka messages in my opinion. So please fix all them things to make my life easier :p (I'm kidding of course)

dspeterson commented 5 years ago

Thanks very much for the encouragement :-) I'll keep adding features and updates, although progress is slow because I have a limited amount of time to work on Dory these days. I definitely intend to add support for security protocols such as TLS/SSL and SASL, hopefully in the not too distant future. In the meantime, you may want to try putting a TLS termination proxy such as stunnel on the web servers running your PHP code. Then dory would go through the proxy to communicate with the Kafka brokers. I've never tried it myself, but in principle it should work.