lucene-dev mailing list archives

From Jan Høydahl (JIRA) <>
Subject [jira] [Commented] (SOLR-8897) SSL-related passwords in are in plain text
Date Fri, 14 Oct 2016 12:20:20 GMT


Jan Høydahl commented on SOLR-8897:

For the problem of revealing passwords in, would it help to point to an external
file for retrieving the SSL passwords? e.g. {{SOLR_SSL_CONFIGFILE=/var/secret/ssl-passwords.txt}}?

I'm not sure if we can avoid passing the passwords to Jetty using sysprops. However, we can
avoid passwords being exposed in the Admin UI "Args" section by showing {{*****}} instead
of the password? This probably needs to be done at the REST API level?

> SSL-related passwords in are in plain text
> -----------------------------------------------------
>                 Key: SOLR-8897
>                 URL:
>             Project: Solr
>          Issue Type: Improvement
>          Components: scripts and tools, security
>            Reporter: Esther Quansah
> As per the steps mentioned at the following URL, one needs to store the plain text password
> for the keystore to configure SSL for Solr, which is not a good idea from a security perspective.
> URL:
> Is there any way so that the encrypted password can be stored (instead of plain password)
> in to configure SSL?

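One way to do the masking suggested in the comment above, as an added example (not Solr's code and not part of the original message): filter the JVM argument list before it is returned for display. The class and method names are hypothetical, and the sample arguments and their values are constructed.

```java
import java.lang.management.ManagementFactory;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

// Hypothetical helper: not a Solr class.
public class RedactJvmArgs {
    static final String MASK = "*****";

    /** Masks the value of any -Dname=value argument whose name contains "password". */
    static String redact(String arg) {
        if (!arg.startsWith("-D")) {
            return arg;                      // -Xmx512m, -XX:..., -server and so on
        }
        int eq = arg.indexOf('=');           // first '=' only: values may contain '='
        if (eq < 0) {
            return arg;                      // -Dflag with no value, nothing to hide
        }
        String name = arg.substring(2, eq).toLowerCase(Locale.ROOT);
        return name.contains("password") ? arg.substring(0, eq + 1) + MASK : arg;
    }

    static List<String> redactAll(List<String> args) {
        List<String> out = new ArrayList<>(args.size());
        for (String a : args) {
            out.add(redact(a));
        }
        return out;
    }

    public static void main(String[] argv) {
        // Constructed sample arguments; paths and password values are placeholders.
        List<String> sample = Arrays.asList(
            "-Xmx512m",
            "-Djavax.net.ssl.keyStore=/path/to/keystore.jks",
            "-Djavax.net.ssl.keyStorePassword=example=secret",
            "-Djavax.net.ssl.trustStorePassword=example-secret",
            "-Dexample.log.dir=/path/to/logs");
        redactAll(sample).forEach(System.out::println);

        // The same filter applied to the arguments of the running JVM.
        redactAll(ManagementFactory.getRuntimeMXBean().getInputArguments())
            .forEach(System.out::println);
    }
}
```

This only changes what is displayed: the values are still passed as system properties and remain readable by anything that can see the process command line.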