lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <j...@apache.org>
Subject [jira] [Updated] (SOLR-7890) By default require admin rights to access /security.json in ZK
Date Fri, 21 Aug 2015 13:04:45 GMT

     [ https://issues.apache.org/jira/browse/SOLR-7890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jan Høydahl updated SOLR-7890:
------------------------------
    Attachment: SOLR-7890.patch

First patch with tests that succeed. It requires the "solr backend" credentials for ZK in
order to show content in the ZK tree browser for the protected nodes (configurable).

If a non-backed user tries to access, the node will be seen but {{*** ZNODE DATA PROTECTED
***}} will be displayed in place of the content.

> By default require admin rights to access /security.json in ZK
> --------------------------------------------------------------
>
>                 Key: SOLR-7890
>                 URL: https://issues.apache.org/jira/browse/SOLR-7890
>             Project: Solr
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Jan Høydahl
>             Fix For: Trunk
>
>         Attachments: SOLR-7890.patch
>
>
> Perhaps {{VMParamsAllAndReadonlyDigestZkACLProvider}} should by default require admin
access for read/write of {{/security.json}}, and other sensitive paths. Today this is left
to the user to implement.
> Also, perhaps factor out the already-known sensitive paths into a separate class, so
that various {{ACLProvider}} implementations can get a list of paths that should be admin-only,
read-only etc from one central place. Then 3rd party impls pulling ZK creds from elsewhere
will still do the right thing in the future if we introduce other sensitive Znodes...



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message