lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <j...@apache.org>
Subject [jira] [Updated] (SOLR-7896) Add a login page for Solr Administrative Interface
Date Tue, 25 Aug 2015 09:49:46 GMT

     [ https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Jan Høydahl updated SOLR-7896:
------------------------------
         Labels: authentication login password  (was: )
       Priority: Major  (was: Critical)
    Description: Out of the box, the Solr Administrative interface should require a password
that the user is required to set.  (was: Out of the box, the Solr interface should require
an administrative password that the user is required to set. Apparently there are ways of
configuring Jetty to do this with HTTP AUTH or whatever. I'm a moderately experienced Linux
admin and a programmer; I've tried, numerous times, and I've not once been able to get it
to work. The point is this, though:

*No one should have to try to get their Solr instance to support password authentication and
preferably SSL (even if it's just with a self-signed certificate). Solr is designed to store
huge amounts of data and is therefore a likely target for malicious users.*

This needs to be addressed! It's 2015 and Solr is on version 5!)
     Issue Type: New Feature  (was: Bug)
        Summary: Add a login page for Solr Administrative Interface  (was: Solr Administrative
Interface Lacks Password Protection)

Changed title and description to reflect that this is a new feature request about adding a
login screen to the Admin UI, as the Basic Authentication plugin already supports the very
simplest way of requiring a user/pass for all of Solr.

Some initial text by [~thinkcomp] was removed from the issue description to keep it short
and concise. Pasting it here for reference:
{quote}
Apparently there are ways of configuring Jetty to do this with HTTP AUTH or whatever. I'm
a moderately experienced Linux admin and a programmer; I've tried, numerous times, and I've
not once been able to get it to work. The point is this, though:

*No one should have to try to get their Solr instance to support password authentication and
preferably SSL (even if it's just with a self-signed certificate). Solr is designed to store
huge amounts of data and is therefore a likely target for malicious users.*

This needs to be addressed! It's 2015 and Solr is on version 5!
{quote}

> Add a login page for Solr Administrative Interface
> --------------------------------------------------
>
>                 Key: SOLR-7896
>                 URL: https://issues.apache.org/jira/browse/SOLR-7896
>             Project: Solr
>          Issue Type: New Feature
>          Components: security, web gui
>    Affects Versions: 5.2.1
>            Reporter: Aaron Greenspan
>              Labels: authentication, login, password
>
> Out of the box, the Solr Administrative interface should require a password that the
user is required to set.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message