November 2022
Beginner to intermediate
346 pages
11h
Chinese
Content preview from Kafka权威指南(第2版)
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
222
|
第
11
章
11.8
保护平台
前文讨论了如何保护
Kafka
和
ZooKeeper
。生产环境的系统所采用的安全威胁模型不仅要
涵盖单个组件的安全威胁,还要涵盖整个系统的安全威胁。威胁模型提供了一个系统抽
象,用于识别潜在的威胁和相关风险。在评估、记录并基于风险等级确定了威胁优先级之
后,必须实施针对每个潜在威胁的缓解策略,以确保整个系统的安全。在评估潜在威胁
时,需要考虑外部威胁和内部威胁。对于存储
PII
或其他敏感数据的系统,还必须实施符
合监管政策的措施。不过,与威胁模型建模技术相关的内容超出了本章的讨论范围。
除
了用安全的身份验证、授权和加密来保护
Kafka
中的
数据和
ZooKeeper
中的元数据,还
必须采取额外的措施来确保平台的安全性。可以用网络防火墙来保护网络,用加密来保护
物理存储,用文件系统权限来保护包含身份验证凭证的密钥存储、信任存储和
Kerberos
密
钥表文件。必须对包含安全关键信息(如凭证)的配置文件进行访问限制。由于在配置文
件中保存明文密码是不安全的(即使对访问权限进行了限制),因此
Kafka
支持将密码外
部化到安全存储中。
保护密码
可以为
broker
和客户端配置提供程序,用于从安全的第三方密码存储库获取密码。也可以
将密码加密后保存在配置文件中,并提供用于解密的提供程序。
下面的提供程序使用
gpg
来解密保存在文件中的
broker
或客户端属性。
public class GpgProvider implements ConfigProvider {
@Override
public ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.