You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Jan Høydahl (JIRA)" <ji...@apache.org> on 2015/08/07 13:27:46 UTC
[jira] [Updated] (SOLR-7236) Securing Solr (umbrella issue)
[ https://issues.apache.org/jira/browse/SOLR-7236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Høydahl updated SOLR-7236:
------------------------------
Description: This is an umbrella issue for adding security to Solr, and for high-level discussions. (was: This is an umbrella issue for adding security to Solr. The discussion here should discuss real user needs and high-level strategy, before deciding on implementation details. All work will be done in sub tasks and linked issues.
Solr has not traditionally concerned itself with security. And It has been a general view among the committers that it may be better to stay out of it to avoid "blood on our hands" in this mine-field. Still, Solr has lately seen SSL support, securing of ZK, and signing of jars, and discussions have begun about securing operations in Solr.
Some of the topics to address are
* User management (flat file, AD/LDAP etc)
* Authentication (Admin UI, Admin and data/query operations. Tons of auth protocols: basic, digest, oauth, pki..)
* Authorization (who can do what with what API, collection, doc)
* Pluggability (no user's needs are equal)
* And we could go on and on but this is what we've seen the most demand for
)
> Securing Solr (umbrella issue)
> ------------------------------
>
> Key: SOLR-7236
> URL: https://issues.apache.org/jira/browse/SOLR-7236
> Project: Solr
> Issue Type: New Feature
> Reporter: Jan Høydahl
> Labels: Security
>
> This is an umbrella issue for adding security to Solr, and for high-level discussions.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org