lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <>
Subject [jira] [Created] (SOLR-7889) Secure ZooKeeper should be easy and the default
Date Fri, 07 Aug 2015 00:09:47 GMT
Jan Høydahl created SOLR-7889:

             Summary: Secure ZooKeeper should be easy and the default
                 Key: SOLR-7889
             Project: Solr
          Issue Type: Improvement
          Components: security
            Reporter: Jan Høydahl
            Priority: Critical
             Fix For: Trunk, 5.4

ZooKeeper security is documented at
but is not trivial to setup, see

As we enable more and more security stuff, securing ZK should be easier to do and ideally
the default.

The {{DefaultZkACLProvider}} should by default require admin access for all operations including
read of {{/security.json}}, and other sensitive paths. Today this is left to the user to implement.

Move manual env-var instructions from documentation into start scripts, with defaults for
read-only and admin user passwords.

Perhaps even Solr should refuse to start if ZK communication is not ACL protected, encrypted
and if default admin passwd is not changed. Overrideable with a new option {{bin/solr start

Let this JIRA be an umbrella for several child tasks.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message