[
https://issues.apache.org/jira/browse/SOLR-9609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15623410#comment-15623410
]
Jan Høydahl edited comment on SOLR-9609 at 10/31/16 9:00 PM:
-------------------------------------------------------------
My reasoning is that it is not likely something you ever need to change, so
using solr.in for overriding looks better than needing to upload stuff to ZK
config. And the risk of having different solr.in files is not unique to this
setting. We already need SOLR_ZK_HOST to be synchronized as well as probably
SSL settings. I think this is in the same neighborhood of deciding the basic
wiring of how hosts will talk to eachother. That's why I also think urlScheme
could move from being a clusterProp to becoming a sysProp in solr.in, or being
auto-resolved from SSL props.
And SOLR-9481 is *only* in master so far btw...
was (Author: janhoy):
My reasoning is that it is not likely something you ever need to change, so
using solr.in for overriding looks better than needing to upload stuff to ZK
config. And the risk of having different solr.in files is not unique to this
setting. We already need SOLR_ZK_HOST to be synchronized as well as probably
SSL settings. I think this is in the same neighborhood of deciding the basic
wiring of how hosts will talk to eachother. That's why I also think urlScheme
could move from being a clusterProp to becoming a sysProp in solr.in, or being
auto-resolved from SSL props.
> Change hard-coded keysize from 512 to 1024
> ------------------------------------------
>
> Key: SOLR-9609
> URL: https://issues.apache.org/jira/browse/SOLR-9609
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Jeremy Martini
> Assignee: Erick Erickson
> Attachments: SOLR-9609.patch, SOLR-9609.patch, solr.log
>
>
> In order to configure our dataSource without requiring a plaintext password
> in the configuration file, we extended JdbcDataSource to create our own
> custom implementation. Our dataSource config now looks something like this:
> {code:xml}
> <dataSource type="com.foo.FooDataSource" driver="oracle.jdbc.OracleDriver"
> url="jdbc:oracle:thin:@db-host-machine:1521:tst1" user="testuser"
> password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
> {code}
> We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting the
> password. However, this seems to cause an issue when we try use Solr in a
> Cloud Configuration (using Zookeeper). The error is "Strong key gen and
> multiprime gen require at least 1024-bit keysize." Full log attached.
> This seems to be due to the hard-coded value of 512 in the
> org.apache.solr.util.CryptoKeys$RSAKeyPair class:
> {code:java}
> public RSAKeyPair() {
> KeyPairGenerator keyGen = null;
> try {
> keyGen = KeyPairGenerator.getInstance("RSA");
> } catch (NoSuchAlgorithmException e) {
> throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
> }
> keyGen.initialize(512);
> {code}
> I pulled down the Solr code, changed the hard-coded value to 1024, rebuilt
> it, and now everything seems to work great.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
