lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl (JIRA) <>
Subject [jira] [Commented] (SOLR-13345) Admin UI login page doesn't accept empty passwords
Date Sun, 14 Apr 2019 15:03:00 GMT


Jan Høydahl commented on SOLR-13345:

{quote}One could argue that we could set the initial password to "password" or "12345",
Or generate a strong password in the first place, and communicate this to the customer in
the welcome email?

There is a clear benefit in not allowing empty password in UI, that if you accidentally hit
Enter after username, the UI will not send the form until you enter a pw.

Also, {{bin/solr auth}} does not either support empty password, so if it was to be allowed,
the whole system would need to prepare for it.
$ bin/solr auth enable -credentials solr: -blockUnknown true
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 1
at org.apache.solr.util.SolrCLI$AuthTool.handleBasicAuth({code}

> Admin UI login page doesn't accept empty passwords
> --------------------------------------------------
>                 Key: SOLR-13345
>                 URL:
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Admin UI
>    Affects Versions: 7.7, 8.0
>            Reporter: Märt
>            Priority: Minor
> In solr 7.6 and older, it was possible to log in with an empty password using basic auth.
The new Admin UI login page implemented in SOLR-7896 no longer accepts empty passwords.
> This issue was discussed in the solr-user mailing list

This message was sent by Atlassian JIRA

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message