lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <j...@apache.org>
Subject [jira] [Commented] (SOLR-8756) Need 4 config "zkDigestUsername"/"zkDigestPassword"/"zkDigestReadonlyUsername"/"zkDigestReadonlyUsername" in solr.xml
Date Sun, 14 Apr 2019 18:49:00 GMT

    [ https://issues.apache.org/jira/browse/SOLR-8756?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16817386#comment-16817386
] 

Jan Høydahl commented on SOLR-8756:
-----------------------------------

Have a look at SOLR-12778 which is a proposed fix for the pw leak. It will use encrypted
passwords.

> Need 4 config "zkDigestUsername"/"zkDigestPassword"/"zkDigestReadonlyUsername"/"zkDigestReadonlyUsername"
in solr.xml
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-8756
>                 URL: https://issues.apache.org/jira/browse/SOLR-8756
>             Project: Solr
>          Issue Type: Bug
>          Components: security, SolrCloud
>    Affects Versions: 5.3.1
>         Environment: Linux 64bit
>            Reporter: Forest Soup
>            Priority: Major
>              Labels: security
>
> Need 4 config in <solrhome>/solr.xml instead of -D parameter in solr.in.sh.
> like below:
> <solr>
>   <solrcloud>
>     <str name="zkDigestUsername">zkusername</str>
>     <str name="zkDigestPassword">zkpassword</str"zkDigestUsername">
>     <str name="zkDigestReadonlyUsername">zkreadonlyusername</str>
>     <str name="zkDigestReadonlyUsername">readonlypassword</str"zkDigestUsername">
> ...
> Otherwise, any user can use the linux "ps" command showing the full command line including
the plain text zookeeper username and password. If we use file store them, we can control
the access of the file not to leak the username/password.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message