lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mano Kovacs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-10076) Hiding keystore and truststore passwords from /admin/info/* outputs
Date Mon, 06 Feb 2017 11:21:42 GMT

    [ https://issues.apache.org/jira/browse/SOLR-10076?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15853853#comment-15853853
] 

Mano Kovacs commented on SOLR-10076:
------------------------------------

bq. Been thinking about the same, but perhaps instead of a generic rule about containing password,
we could have a property somewhere for what paths to hide.

Thanks [~janhoy] for the feedback! I was also thinking of a pattern-based parameter masking
for input password. I prepared a patch with a RedactionUtils that I will extend with external
parameters and upload it shortly.

bq. I would also like to hide the content of some ZK nodes such as security.json, and there
may also be other places where passwords are exposed through props or APIs...
I was not aware of the security.json exposing password, I created a separate jira for that
as well (SOLR-10100).

bq. Ideal would be if this could be coupled with Authorization, so that certain info could
be controlled through group membership in AuthorizationPlugin?
In general, I would not add password visibility based on privileges. I think passwords should
not be revertible, as that would expose them to the reliability of the authorization plugin
and the admin users' cautiousness. For me it would somewhat beat the purpose of this jira:
reducing the exposure of the security credentials. Do you see any business-case when you would
grant certain roles to view these passwords?

> Hiding keystore and truststore passwords from /admin/info/* outputs
> -------------------------------------------------------------------
>
>                 Key: SOLR-10076
>                 URL: https://issues.apache.org/jira/browse/SOLR-10076
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Mano Kovacs
>
> Passing keystore and truststore password is done by system properties, via cmd line parameter.
> As result, {{/admin/info/properties}} and {{/admin/info/system}} will print out the received
password.
> Proposing solution to automatically redact value of any system property before output,
containing the word {{password}}, and replacing its value with {{******}}.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message