lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Høydahl <jan....@cominvent.com>
Subject Re: How secure is Zookeeper digest auth?
Date Sun, 16 Sep 2018 21:48:08 GMT
Thanks. Solr uses Zk 3.4.x with no support for TLS. Zk communication is over low level binary
TCP. I’m aware that if/when we get 3.5.x support we should deploy SSL.

My question is, how do folks secure their current zk and is there a way to circumvent the
lack of SSL? I don’t care if people can read the traffic but I do care if the auth credentials
can easily be sniffed and replayed, thus enable write acces to zk, which lets you disable
all Solr security.

Jan

> 16. sep. 2018 kl. 22:45 skrev Christopher Schultz <chris@christopherschultz.net>:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Jan,
> 
>> On 9/16/18 16:22, Jan Høydahl wrote:
>> We plan to enable (digest) authentication and ACL with Zookeeper to
>> improve security.
> 
> Can you be more explicit? There is HTTP DIGEST auth and then there are
> "digested" (hashed) passwords for the user-database. The former is
> secure on the wire and the other one is wire-agnostic.
> 
>> However, we have not been able to answer the question of how secure
>> such a setup will be, given that ZK 3.4.x TCP communication is
>> unencrypted.
>> 
>> So, do anyone know if ZK sends the password in cleartext over the
>> network, so that anyone who can sniff the network can also pick up
>> the password, and connect and read/write nodes in ZK?
>> 
>> We'll of course add all the firewall and IP filtering we can. Do
>> you have any other tricks you use to increase ZK security?
> 
> I'm not using ZK (yet) so this may be supremely ignorant since I don't
> know what protocol it uses to communicate: I would recommend using
> mutual-TLS authentication everywhere. I have just deployed such a
> system (single-node, no cluster/ZK) and all of the communication for
> both admin and querying are over client-authenticated TLS.
> 
> Even if an attacker gets onto the box where Solr is running, they
> cannot attack it without also breaking filesystem privileges or
> exploiting the users who have access to the Solr client key stores.
> 
> (I just did a little Googling and it looks like only ZK 3.5+ has TLS
> available. At any rate, that should be your target for the future if
> you really want a secure environment.
> 
> - -chris
> -----BEGIN PGP SIGNATURE-----
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
> 
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAluewOgACgkQHPApP6U8
> pFiE1g/8CiRxFySxCPZRU+OdGaw5JjtMNGs3oBDaf75LIQYDnsXAU9wJFjaEKymD
> snceusjikN85XyPIFBWLhbWvrdjKhJxm29q8xqqnwTkY1WmGis53Es9NHyT/I1UX
> dY3UGAbf148+ZR6NtCFDQPVQtKKfHqE/VAl2bJzMARTC1nPS3v3mtgKEbrAC5ZqX
> WMMkb6pOFH58Yj7jeEdHi/y8MKEOeXV3MynWrsSRqGsJsG4Ms55pdBvWtZmIZR+c
> 0sM4d7zUl18/JjP82YvhhHvHW0IQL+TGKLE1s22p6JRrMU9fzcxNoD9b1r9WORGl
> UixQETpBPkKw+VWXBesTxTNkprddMH6oGzm2KkWb9zOH0BehF/ChjB1W0vnC7RXB
> lEKWdNkwbLfrP1r+plpy2aVc3PV0lw3jsJdxLf3tMTEPgzeU6wweiJR+YMW6J0iS
> 4TWFouuL6yGSY7jT99lW+CmBfKHGEXoUlrxS2WSM9BvYuV8pJvzVuEkb1PmXUQdI
> rgQIW30Vk0jDwS6SMxdOy/TkbCDAV9dFqsqmYFTSN9W8jBdSx9RevOPnJyVnvCvI
> qq96sTqhPa0iSHYWWK5PAzZAvfbcRmohcut/1ZWml1pNZlZzBT0QGQUJm9CzXfS7
> v6FNf7PrpIiqOlai1Js67Fm6QrWzjGPVhDl474Q1tAG1rFU2cSM=
> =U0Fj
> -----END PGP SIGNATURE-----

Mime
View raw message