Andy Coates created KAFKA-5246:
----------------------------------
Summary: Remove backdoor that allows any client to produce to
internal topics
Key: KAFKA-5246
URL: https://issues.apache.org/jira/browse/KAFKA-5246
Project: Kafka
Issue Type: Bug
Components: core
Affects Versions: 0.10.2.1, 0.10.2.0, 0.10.1.1, 0.10.1.0, 0.10.0.1, 0.10.0.0
Reporter: Andy Coates
Priority: Minor
kafka.admim.AdminUtils defines an ‘AdminClientId' val, which looks to be unused
in the code, with the exception of a single use in KafkaAPis.scala in
handleProducerRequest, where is looks to allow any client, using the special
‘__admin_client' client id, to append to internal topics.
This looks like a security risk to me, as it would allow any client to produce
either rouge offsets or even a record containing something other than
group/offset info.
Can we remove this please?
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
