lucene-dev mailing list archives

From Jan Høydahl (JIRA) <j...@apache.org>
Subject [jira] [Updated] (SOLR-7890) By default require admin rights to access /security.json in ZK
Date Fri, 07 Aug 2015 00:32:45 GMT

     [ https://issues.apache.org/jira/browse/SOLR-7890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Høydahl updated SOLR-7890:
------------------------------
    Description: 
Perhaps {{VMParamsAllAndReadonlyDigestZkACLProvider}} should by default require admin access
for read/write of {{/security.json}}, and other sensitive paths. Today this is left to the
user to implement.

Also, perhaps factor out the already-known sensitive paths into a separate class, so that
various {{ACLProvider}} implementations can get a list of paths that should be admin-only,
read-only etc from one central place. Then 3rd party impls pulling ZK creds from elsewhere
will still do the right thing in the future if we introduce other sensitive Znodes...

  was:{{DefaultZkACLProvider}} should by default require admin access for all operations including
read/write of {{/security.json}}, and other sensitive paths. Today this is left to the user
to implement.


> By default require admin rights to access /security.json in ZK
> --------------------------------------------------------------
>
>                 Key: SOLR-7890
>                 URL: https://issues.apache.org/jira/browse/SOLR-7890
>             Project: Solr
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Jan Høydahl
>             Fix For: Trunk
>
>
> Perhaps {{VMParamsAllAndReadonlyDigestZkACLProvider}} should by default require admin
> access for read/write of {{/security.json}}, and other sensitive paths. Today this is left
> to the user to implement.
> Also, perhaps factor out the already-known sensitive paths into a separate class, so
> that various {{ACLProvider}} implementations can get a list of paths that should be admin-only,
> read-only etc from one central place. Then 3rd party impls pulling ZK creds from elsewhere
> will still do the right thing in the future if we introduce other sensitive Znodes...



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
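
Added example, not part of the original message and not Solr's own code: a sketch of the design the issue proposes, with one central list of admin-only znodes that any ACL provider consults before building ZooKeeper ACLs. The class names SensitiveZkPaths and AdminOnlyAwareAcls, the method aclsFor, and the sample credentials and the /clusterstate.json sample path are assumptions made for illustration; only the ZooKeeper client classes are real, and the ZooKeeper jar is assumed to be on the classpath.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import org.apache.zookeeper.ZooDefs;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;
import org.apache.zookeeper.server.auth.DigestAuthenticationProvider;

// Hypothetical central registry of znodes that only the admin identity may touch.
final class SensitiveZkPaths {
  // /security.json is the path named in the issue; future sensitive znodes go here.
  private static final Set<String> ADMIN_ONLY = Set.of("/security.json");
  // True for a listed znode or anything below it (ZK ACLs are per node, not inherited).
  static boolean isAdminOnly(String zNodePath) {
    String p = zNodePath.replaceAll("/+$", "");
    for (String s : ADMIN_ONLY) {
      if (p.equals(s) || p.startsWith(s + "/")) return true;
    }
    return false;
  }
}

// Hypothetical provider; any credential source can reuse the path decision above.
public class AdminOnlyAwareAcls {
  private final Id admin;
  private final Id readOnly;
  public AdminOnlyAwareAcls(String adminUserPass, String readOnlyUserPass)
      throws NoSuchAlgorithmException {
    // generateDigest maps "user:password" to ZooKeeper's "user:base64(sha1(...))" id.
    admin = new Id("digest", DigestAuthenticationProvider.generateDigest(adminUserPass));
    readOnly = new Id("digest", DigestAuthenticationProvider.generateDigest(readOnlyUserPass));
  }
  public List<ACL> aclsFor(String zNodePath) {
    List<ACL> acls = new ArrayList<>();
    acls.add(new ACL(ZooDefs.Perms.ALL, admin));
    // Sensitive znodes get no entry for the read-only identity, so it cannot read them.
    if (!SensitiveZkPaths.isAdminOnly(zNodePath)) {
      acls.add(new ACL(ZooDefs.Perms.READ, readOnly));
    }
    return acls;
  }
  public static void main(String[] args) throws NoSuchAlgorithmException {
    // Constructed sample credentials and paths, for illustration only.
    AdminOnlyAwareAcls p = new AdminOnlyAwareAcls("admin:admin-pw", "reader:reader-pw");
    System.out.println(p.aclsFor("/security.json"));
    System.out.println(p.aclsFor("/clusterstate.json"));
  }
}
```

Because the path decision lives in one class, a third-party provider that fetches credentials from elsewhere only has to call isAdminOnly to stay correct when new sensitive znodes are added to the list.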