Aaron Greenspan created SOLR-7896:
-------------------------------------
Summary: Solr Administrative Interface Lacks Password Protection
Key: SOLR-7896
URL: https://issues.apache.org/jira/browse/SOLR-7896
Project: Solr
Issue Type: Bug
Components: web gui
Affects Versions: 5.2.1
Reporter: Aaron Greenspan
Priority: Critical
Out of the box, the Solr interface should require an administrative password
that the user is required to set. Apparently there are ways of configuring
Jetty to do this with HTTP AUTH or whatever. I'm a moderately experienced Linux
admin and a programmer; I've tried, numerous times, and I've not once been able
to get it to work. The point is this, though:
*No one should have to try to get their server to support password
authentication and SSL. Solr is designed to store huge amounts of data and is
therefore a likely target for malicious users.*
This needs to be addressed! It's 2015 and Solr is on version 5!
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
