DUE TO SPAM, SIGN-UP IS DISABLED. Goto Selfserve wiki signup and request an account.
...
Currently, Kafka has a backdoor mechanism that allow any client with client ID `__admin_client` to producer to internal topics, bypassing normal internal topic protection. This backdoor can cause several security issues and operation concerns
- Security Vulnerability
- A malicious or misconfigured client can impersonate the admin client and produce to or consume from internal topics such as: __consumer_offsets, __transaction_state,
__share_group_state. This may lead to data corruption, invalid state transitions, or disruption of core Kafka functionality.
- A malicious or misconfigured client can impersonate the admin client and produce to or consume from internal topics such as: __consumer_offsets, __transaction_state,
- Operational Risk
No differentiation between legitimate admin tools and malicious clients
Difficult to debug when internal topics are corrupted
- Limited Legitimate Use Cases
- The legitimate use cases for producing to internal topics are:
- Coordinator: Group coordinator, Transaction Coordinator, Share Coordinator - these already use internalTopicsAllows = true with AppendOrigin.COORDINATOR
- Admin tools: Should use proper APIs instead of relying on client ID
- Internal Kafka operation: These use the appropriate append method with proper flags
...