You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Jan Høydahl (JIRA)" <ji...@apache.org> on 2019/04/14 18:49:00 UTC
[jira] [Commented] (SOLR-8756) Need 4 config
"zkDigestUsername"/"zkDigestPassword"/"zkDigestReadonlyUsername"/"zkDigestReadonlyUsername"
in solr.xml
[ https://issues.apache.org/jira/browse/SOLR-8756?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16817386#comment-16817386 ]
Jan Høydahl commented on SOLR-8756:
-----------------------------------
Have a look at SOLR-12778 which is a proposed fix for the pw leak. It will use encrypted passwords.
> Need 4 config "zkDigestUsername"/"zkDigestPassword"/"zkDigestReadonlyUsername"/"zkDigestReadonlyUsername" in solr.xml
> ---------------------------------------------------------------------------------------------------------------------
>
> Key: SOLR-8756
> URL: https://issues.apache.org/jira/browse/SOLR-8756
> Project: Solr
> Issue Type: Bug
> Components: security, SolrCloud
> Affects Versions: 5.3.1
> Environment: Linux 64bit
> Reporter: Forest Soup
> Priority: Major
> Labels: security
>
> Need 4 config in <solrhome>/solr.xml instead of -D parameter in solr.in.sh.
> like below:
> <solr>
> <solrcloud>
> <str name="zkDigestUsername">zkusername</str>
> <str name="zkDigestPassword">zkpassword</str"zkDigestUsername">
> <str name="zkDigestReadonlyUsername">zkreadonlyusername</str>
> <str name="zkDigestReadonlyUsername">readonlypassword</str"zkDigestUsername">
> ...
> Otherwise, any user can use the linux "ps" command showing the full command line including the plain text zookeeper username and password. If we use file store them, we can control the access of the file not to leak the username/password.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org