[jira] [Commented] (KAFKA-5246) Remove backdoor that allows any client to produce to internal topics

TaiJuWu (Jira) Sun, 15 Feb 2026 04:18:11 -0800


    [ 
https://issues.apache.org/jira/browse/KAFKA-5246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18058714#comment-18058714
 ]


TaiJuWu commented on KAFKA-5246:
--------------------------------

Draft KIP 
https://cwiki.apache.org/confluence/display/KAFKA/KIP-1246%3A+Deprecate++backdoor+that+allows+any+client+to+produce+to+internal+topics

>  Remove backdoor that allows any client to produce to internal topics
> ---------------------------------------------------------------------
>
>                 Key: KAFKA-5246
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5246
>             Project: Kafka
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 0.10.0.0, 0.10.0.1, 0.10.1.0, 0.10.1.1, 0.10.2.0, 
> 0.10.2.1
>            Reporter: Andy Coates
>            Assignee: TaiJuWu
>            Priority: Minor
>
> kafka.admim.AdminUtils defines an ‘AdminClientId' val, which looks to be 
> unused in the code, with the exception of a single use in KafkaAPis.scala in 
> handleProducerRequest, where is looks to allow any client, using the special 
> ‘__admin_client' client id, to append to internal topics.
> This looks like a security risk to me, as it would allow any client to 
> produce either rouge offsets or even a record containing something other than 
> group/offset info.
> Can we remove this please?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (KAFKA-5246) Remove backdoor that allows any client to produce to internal topics

Reply via email to