[Poll]: User need for Solr security

[Jan Høydahl <ja...@cominvent.com>]

Hi,

Securing various Solr APIs has once again surfaced as a discussion in the developer list. See e.g. SOLR-7236
Would be useful to get some feedback from Solr users about needs "in the field".

Please reply to this email and let us know what security aspect(s) would be most important for your company to see supported in a future version of Solr.
Examples: Local user management, AD/LDAP integration, SSL, authenticated login to Admin UI, authorization for Admin APIs, e.g. admin user vs read-only user etc

--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com

Re: [Poll]: User need for Solr security

[Dmitry Kan <so...@gmail.com>]

Eric,

right, filesystem level encryption is the way. Making encryption part of
the lucene data structures would be a tall order.

On Thu, Mar 12, 2015 at 5:22 PM, Erick Erickson <er...@gmail.com>
wrote:

> About <1>. Gotta be careful here about what would be promised. You
> really _can't_ encrypt the _indexed_ terms in a meaningful way and
> still search. And, as you well know, you can reconstruct documents
> from the indexed terms. It's lossy, but still coherent enough to give
> security folks fits.
>
> For instance, to do a wildcard search I need to have the "run" in
> "run" match "running", "runner" "runs" etc. Any but trivial encryption
> will break that, and the trivial encryption is easy to break.
>
> So putting all this over an encrypting filesystem is an approach
> that's often used.
>
> FWIW
>
>
> On Thu, Mar 12, 2015 at 5:22 AM, Dmitry Kan <so...@gmail.com> wrote:
> > Hi,
> >
> > Things you have mentioned would be useful for our use-case.
> >
> > On top we've seen these two requests for securing Solr:
> >
> > 1. Encrypting the index (with a customer private key for instance). There
> > are certainly other ways to go about this, like using virtual private
> > clouds, but having the feature in solr could allow multitenant Solr
> > installations.
> >
> > 2. ACLs: giving access rights to parts of the index / document sets
> > depending on the user access rights.
> >
> >
> >
> > On Thu, Mar 12, 2015 at 1:32 PM, Jan Høydahl <ja...@cominvent.com>
> wrote:
> >
> >> Hi,
> >>
> >> Securing various Solr APIs has once again surfaced as a discussion in
> the
> >> developer list. See e.g. SOLR-7236
> >> Would be useful to get some feedback from Solr users about needs "in the
> >> field".
> >>
> >> Please reply to this email and let us know what security aspect(s) would
> >> be most important for your company to see supported in a future version
> of
> >> Solr.
> >> Examples: Local user management, AD/LDAP integration, SSL, authenticated
> >> login to Admin UI, authorization for Admin APIs, e.g. admin user vs
> >> read-only user etc
> >>
> >> --
> >> Jan Høydahl, search solution architect
> >> Cominvent AS - www.cominvent.com
> >>
> >>
> >
> >
> > --
> > Dmitry Kan
> > Luke Toolbox: http://github.com/DmitryKey/luke
> > Blog: http://dmitrykan.blogspot.com
> > Twitter: http://twitter.com/dmitrykan
> > SemanticAnalyzer: www.semanticanalyzer.info
>



-- 
Dmitry Kan
Luke Toolbox: http://github.com/DmitryKey/luke
Blog: http://dmitrykan.blogspot.com
Twitter: http://twitter.com/dmitrykan
SemanticAnalyzer: www.semanticanalyzer.info

Re: [Poll]: User need for Solr security

[Dmitry Kan <so...@gmail.com>]

Jan,

Index encryption is not really about trust to root users for us. It is
about letting client company to be able to secure their index with their
key. To prevent information loss through hacking to a server. What I agree
with is that this does go beyond just search ;)

Thanks for the JIRA, looks promising.

On Thu, Mar 12, 2015 at 10:06 PM, Jan Høydahl <ja...@cominvent.com> wrote:

> If you cannot trust your root users you probably have bigger problems than
> with search... I think it has been suggested to encrypt on codec or
> directory level as well. Yep, here is the JIRA
> https://issues.apache.org/jira/browse/LUCENE-2228 :)
>
> --
> Jan Høydahl, search solution architect
> Cominvent AS - www.cominvent.com
>
> > 12. mar. 2015 kl. 16.22 skrev Erick Erickson <er...@gmail.com>:
> >
> > About <1>. Gotta be careful here about what would be promised. You
> > really _can't_ encrypt the _indexed_ terms in a meaningful way and
> > still search. And, as you well know, you can reconstruct documents
> > from the indexed terms. It's lossy, but still coherent enough to give
> > security folks fits.
> >
> > For instance, to do a wildcard search I need to have the "run" in
> > "run" match "running", "runner" "runs" etc. Any but trivial encryption
> > will break that, and the trivial encryption is easy to break.
> >
> > So putting all this over an encrypting filesystem is an approach
> > that's often used.
> >
> > FWIW
> >
> >
> > On Thu, Mar 12, 2015 at 5:22 AM, Dmitry Kan <so...@gmail.com>
> wrote:
> >> Hi,
> >>
> >> Things you have mentioned would be useful for our use-case.
> >>
> >> On top we've seen these two requests for securing Solr:
> >>
> >> 1. Encrypting the index (with a customer private key for instance).
> There
> >> are certainly other ways to go about this, like using virtual private
> >> clouds, but having the feature in solr could allow multitenant Solr
> >> installations.
> >>
> >> 2. ACLs: giving access rights to parts of the index / document sets
> >> depending on the user access rights.
> >>
> >>
> >>
> >> On Thu, Mar 12, 2015 at 1:32 PM, Jan Høydahl <ja...@cominvent.com>
> wrote:
> >>
> >>> Hi,
> >>>
> >>> Securing various Solr APIs has once again surfaced as a discussion in
> the
> >>> developer list. See e.g. SOLR-7236
> >>> Would be useful to get some feedback from Solr users about needs "in
> the
> >>> field".
> >>>
> >>> Please reply to this email and let us know what security aspect(s)
> would
> >>> be most important for your company to see supported in a future
> version of
> >>> Solr.
> >>> Examples: Local user management, AD/LDAP integration, SSL,
> authenticated
> >>> login to Admin UI, authorization for Admin APIs, e.g. admin user vs
> >>> read-only user etc
> >>>
> >>> --
> >>> Jan Høydahl, search solution architect
> >>> Cominvent AS - www.cominvent.com
> >>>
> >>>
> >>
> >>
> >> --
> >> Dmitry Kan
> >> Luke Toolbox: http://github.com/DmitryKey/luke
> >> Blog: http://dmitrykan.blogspot.com
> >> Twitter: http://twitter.com/dmitrykan
> >> SemanticAnalyzer: www.semanticanalyzer.info
>
>


-- 
Dmitry Kan
Luke Toolbox: http://github.com/DmitryKey/luke
Blog: http://dmitrykan.blogspot.com
Twitter: http://twitter.com/dmitrykan
SemanticAnalyzer: www.semanticanalyzer.info

Re: [Poll]: User need for Solr security

[Jan Høydahl <ja...@cominvent.com>]

If you cannot trust your root users you probably have bigger problems than with search... I think it has been suggested to encrypt on codec or directory level as well. Yep, here is the JIRA https://issues.apache.org/jira/browse/LUCENE-2228 :)

--
Jan Høydahl, search solution architect
Cominvent AS - www.cominvent.com

> 12. mar. 2015 kl. 16.22 skrev Erick Erickson <er...@gmail.com>:
> 
> About <1>. Gotta be careful here about what would be promised. You
> really _can't_ encrypt the _indexed_ terms in a meaningful way and
> still search. And, as you well know, you can reconstruct documents
> from the indexed terms. It's lossy, but still coherent enough to give
> security folks fits.
> 
> For instance, to do a wildcard search I need to have the "run" in
> "run" match "running", "runner" "runs" etc. Any but trivial encryption
> will break that, and the trivial encryption is easy to break.
> 
> So putting all this over an encrypting filesystem is an approach
> that's often used.
> 
> FWIW
> 
> 
> On Thu, Mar 12, 2015 at 5:22 AM, Dmitry Kan <so...@gmail.com> wrote:
>> Hi,
>> 
>> Things you have mentioned would be useful for our use-case.
>> 
>> On top we've seen these two requests for securing Solr:
>> 
>> 1. Encrypting the index (with a customer private key for instance). There
>> are certainly other ways to go about this, like using virtual private
>> clouds, but having the feature in solr could allow multitenant Solr
>> installations.
>> 
>> 2. ACLs: giving access rights to parts of the index / document sets
>> depending on the user access rights.
>> 
>> 
>> 
>> On Thu, Mar 12, 2015 at 1:32 PM, Jan Høydahl <ja...@cominvent.com> wrote:
>> 
>>> Hi,
>>> 
>>> Securing various Solr APIs has once again surfaced as a discussion in the
>>> developer list. See e.g. SOLR-7236
>>> Would be useful to get some feedback from Solr users about needs "in the
>>> field".
>>> 
>>> Please reply to this email and let us know what security aspect(s) would
>>> be most important for your company to see supported in a future version of
>>> Solr.
>>> Examples: Local user management, AD/LDAP integration, SSL, authenticated
>>> login to Admin UI, authorization for Admin APIs, e.g. admin user vs
>>> read-only user etc
>>> 
>>> --
>>> Jan Høydahl, search solution architect
>>> Cominvent AS - www.cominvent.com
>>> 
>>> 
>> 
>> 
>> --
>> Dmitry Kan
>> Luke Toolbox: http://github.com/DmitryKey/luke
>> Blog: http://dmitrykan.blogspot.com
>> Twitter: http://twitter.com/dmitrykan
>> SemanticAnalyzer: www.semanticanalyzer.info

Re: [Poll]: User need for Solr security

[Erick Erickson <er...@gmail.com>]

About <1>. Gotta be careful here about what would be promised. You
really _can't_ encrypt the _indexed_ terms in a meaningful way and
still search. And, as you well know, you can reconstruct documents
from the indexed terms. It's lossy, but still coherent enough to give
security folks fits.

For instance, to do a wildcard search I need to have the "run" in
"run" match "running", "runner" "runs" etc. Any but trivial encryption
will break that, and the trivial encryption is easy to break.

So putting all this over an encrypting filesystem is an approach
that's often used.

FWIW


On Thu, Mar 12, 2015 at 5:22 AM, Dmitry Kan <so...@gmail.com> wrote:
> Hi,
>
> Things you have mentioned would be useful for our use-case.
>
> On top we've seen these two requests for securing Solr:
>
> 1. Encrypting the index (with a customer private key for instance). There
> are certainly other ways to go about this, like using virtual private
> clouds, but having the feature in solr could allow multitenant Solr
> installations.
>
> 2. ACLs: giving access rights to parts of the index / document sets
> depending on the user access rights.
>
>
>
> On Thu, Mar 12, 2015 at 1:32 PM, Jan Høydahl <ja...@cominvent.com> wrote:
>
>> Hi,
>>
>> Securing various Solr APIs has once again surfaced as a discussion in the
>> developer list. See e.g. SOLR-7236
>> Would be useful to get some feedback from Solr users about needs "in the
>> field".
>>
>> Please reply to this email and let us know what security aspect(s) would
>> be most important for your company to see supported in a future version of
>> Solr.
>> Examples: Local user management, AD/LDAP integration, SSL, authenticated
>> login to Admin UI, authorization for Admin APIs, e.g. admin user vs
>> read-only user etc
>>
>> --
>> Jan Høydahl, search solution architect
>> Cominvent AS - www.cominvent.com
>>
>>
>
>
> --
> Dmitry Kan
> Luke Toolbox: http://github.com/DmitryKey/luke
> Blog: http://dmitrykan.blogspot.com
> Twitter: http://twitter.com/dmitrykan
> SemanticAnalyzer: www.semanticanalyzer.info

Re: [Poll]: User need for Solr security

[Dmitry Kan <so...@gmail.com>]

Hi,

Things you have mentioned would be useful for our use-case.

On top we've seen these two requests for securing Solr:

1. Encrypting the index (with a customer private key for instance). There
are certainly other ways to go about this, like using virtual private
clouds, but having the feature in solr could allow multitenant Solr
installations.

2. ACLs: giving access rights to parts of the index / document sets
depending on the user access rights.



On Thu, Mar 12, 2015 at 1:32 PM, Jan Høydahl <ja...@cominvent.com> wrote:

> Hi,
>
> Securing various Solr APIs has once again surfaced as a discussion in the
> developer list. See e.g. SOLR-7236
> Would be useful to get some feedback from Solr users about needs "in the
> field".
>
> Please reply to this email and let us know what security aspect(s) would
> be most important for your company to see supported in a future version of
> Solr.
> Examples: Local user management, AD/LDAP integration, SSL, authenticated
> login to Admin UI, authorization for Admin APIs, e.g. admin user vs
> read-only user etc
>
> --
> Jan Høydahl, search solution architect
> Cominvent AS - www.cominvent.com
>
>


-- 
Dmitry Kan
Luke Toolbox: http://github.com/DmitryKey/luke
Blog: http://dmitrykan.blogspot.com
Twitter: http://twitter.com/dmitrykan
SemanticAnalyzer: www.semanticanalyzer.info

Re: [Poll]: User need for Solr security

["Henrique O. Santos" <he...@gmail.com>]

Hi,

I’m currently working with indexes that need document level security. Based on the user logged in, query results would omit documents that this user doesn’t have access to, with LDAP integration and such.

I think that would be nice to have on a future Solr release.

Henrique.

> On Mar 12, 2015, at 7:32 AM, Jan Høydahl <ja...@cominvent.com> wrote:
> 
> Hi,
> 
> Securing various Solr APIs has once again surfaced as a discussion in the developer list. See e.g. SOLR-7236
> Would be useful to get some feedback from Solr users about needs "in the field".
> 
> Please reply to this email and let us know what security aspect(s) would be most important for your company to see supported in a future version of Solr.
> Examples: Local user management, AD/LDAP integration, SSL, authenticated login to Admin UI, authorization for Admin APIs, e.g. admin user vs read-only user etc
> 
> --
> Jan Høydahl, search solution architect
> Cominvent AS - www.cominvent.com
> 

Re: [Poll]: User need for Solr security

["O. Klein" <kl...@octoweb.nl>]

I used Tomcat to secure admin pages. Haven't looked into Jetty if/how to do
this, but some basic security like you mentioned: SSL, authenticated login
to Admin UI, authorization for Admin APIs would be nice to have.



--
View this message in context: http://lucene.472066.n3.nabble.com/Poll-User-need-for-Solr-security-tp4192624p4192816.html
Sent from the Solr - User mailing list archive at Nabble.com.