You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@lucene.apache.org by "Constantin Bugneac (JIRA)" <ji...@apache.org> on 2017/11/16 10:47:00 UTC

[jira] [Created] (SOLR-11650) Credentials used for BasicAuth displayed in clear text on slave nodes

Constantin Bugneac created SOLR-11650:
-----------------------------------------

             Summary: Credentials used for BasicAuth displayed in clear text on slave nodes
                 Key: SOLR-11650
                 URL: https://issues.apache.org/jira/browse/SOLR-11650
             Project: Solr
          Issue Type: Bug
      Security Level: Public (Default Security Level. Issues are Public)
          Components: Authentication
    Affects Versions: 6.6.2
            Reporter: Constantin Bugneac
            Priority: Critical


Pre-requisites:

Have in place Solr configured in master slave replication with BasicAuth enabled.

Issue: 

In UI on slave (under Replication tab of core) the master url is displayed with username and password used for BasicAuth in clear text.

Example:
master url:https://solr:SdjuDf3tM98@solr-master.local.com:8983/solr/mycore

Suggestion/Idea:

At least mask the password with  *******



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org