[
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Aaron Greenspan updated SOLR-7896:
----------------------------------
Description:
Out of the box, the Solr interface should require an administrative password
that the user is required to set. Apparently there are ways of configuring
Jetty to do this with HTTP AUTH or whatever. I'm a moderately experienced Linux
admin and a programmer; I've tried, numerous times, and I've not once been able
to get it to work. The point is this, though:
*No one should have to try to get their Solr instance to support password
authentication and preferably SSL (even if it's just with a self-signed
certificate). Solr is designed to store huge amounts of data and is therefore a
likely target for malicious users.*
This needs to be addressed! It's 2015 and Solr is on version 5!
was:
Out of the box, the Solr interface should require an administrative password
that the user is required to set. Apparently there are ways of configuring
Jetty to do this with HTTP AUTH or whatever. I'm a moderately experienced Linux
admin and a programmer; I've tried, numerous times, and I've not once been able
to get it to work. The point is this, though:
*No one should have to try to get their server to support password
authentication and SSL. Solr is designed to store huge amounts of data and is
therefore a likely target for malicious users.*
This needs to be addressed! It's 2015 and Solr is on version 5!
> Solr Administrative Interface Lacks Password Protection
> -------------------------------------------------------
>
> Key: SOLR-7896
> URL: https://issues.apache.org/jira/browse/SOLR-7896
> Project: Solr
> Issue Type: Bug
> Components: security, web gui
> Affects Versions: 5.2.1
> Reporter: Aaron Greenspan
> Priority: Critical
>
> Out of the box, the Solr interface should require an administrative password
> that the user is required to set. Apparently there are ways of configuring
> Jetty to do this with HTTP AUTH or whatever. I'm a moderately experienced
> Linux admin and a programmer; I've tried, numerous times, and I've not once
> been able to get it to work. The point is this, though:
> *No one should have to try to get their Solr instance to support password
> authentication and preferably SSL (even if it's just with a self-signed
> certificate). Solr is designed to store huge amounts of data and is therefore
> a likely target for malicious users.*
> This needs to be addressed! It's 2015 and Solr is on version 5!
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
