[ 
https://issues.apache.org/jira/browse/SOLR-10076?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15853853#comment-15853853
 ] 

Mano Kovacs commented on SOLR-10076:
------------------------------------

bq. Been thinking about the same, but perhaps instead of a generic rule about 
containing password, we could have a property somewhere for what paths to hide.

Thanks [~janhoy] for the feedback! I was also thinking of a pattern-based 
parameter masking for input password. I prepared a patch with a RedactionUtils 
that I will extend with external parameters and upload it shortly.

bq. I would also like to hide the content of some ZK nodes such as 
security.json, and there may also be other places where passwords are exposed 
through props or APIs...

I was not aware of security.json exposing passwords; I created a separate 
jira for that as well (SOLR-10100).

bq. Ideal would be if this could be coupled with Authorization, so that certain 
info could be controlled through group membership in AuthorizationPlugin?

In general, I would not add password visibility based on privileges. I think 
passwords should not be revertible, as that would expose them to the 
reliability of the authorization plugin and the admin users' cautiousness. For 
me it would somewhat beat the purpose of this jira: reducing the exposure of 
the security credentials. Do you see any business case when you would grant 
certain roles to view these passwords?

> Hiding keystore and truststore passwords from /admin/info/* outputs
> -------------------------------------------------------------------
>
>                 Key: SOLR-10076
>                 URL: https://issues.apache.org/jira/browse/SOLR-10076
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Mano Kovacs
>
> Keystore and truststore passwords are passed as system properties, via 
> command-line parameters.
> As a result, {{/admin/info/properties}} and {{/admin/info/system}} will print 
> out the received password.
> Proposing a solution to automatically redact the value of any system property 
> containing the word {{password}} before output, replacing its value with 
> {{******}}.
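The redaction rule discussed in this ticket (mask the value of any property whose key contains "password", with a configurable pattern list as suggested in the comments), worked through as an added example. This is illustrative code written for this page, not Solr's RedactionUtils or any Solr API; the nested layout, the `commandLineArgs` key and the property values in `SAMPLE_INFO` are constructed to resemble an `/admin/info/system` response, not copied from it. It goes one step beyond the ticket: after masking the sensitive keys it also scrubs their values wherever they reappear in other strings, since a `-Dkey=value` flag echoed back in the JVM arguments would otherwise leak the same secret.

```python
import re
from typing import Any, Iterable, List, Mapping, Pattern, Set

DEFAULT_MASK = "******"
# Case-insensitive regexes matched against property keys. "password" is the
# rule proposed in the ticket; callers can pass extra patterns (the
# "property somewhere for what paths to hide" idea from the comments).
DEFAULT_PATTERNS = (r"password",)

# Constructed sample resembling an /admin/info/system response (hypothetical
# values; not real Solr output).
SAMPLE_INFO = {
    "system.properties": {
        "javax.net.ssl.keyStorePassword": "ks-secret-1",
        "javax.net.ssl.trustStorePassword": "ts-secret-2",
        "solr.solr.home": "/var/solr/data",
        "jetty.port": "8983",
    },
    "jvm": {
        "commandLineArgs": [
            "-Djavax.net.ssl.keyStorePassword=ks-secret-1",
            "-Djetty.port=8983",
        ],
    },
}


def _compile(patterns: Iterable[str]) -> List[Pattern]:
    return [re.compile(p, re.IGNORECASE) for p in patterns]


def is_sensitive_key(key: str, compiled: List[Pattern]) -> bool:
    """True if any configured pattern matches somewhere in the key."""
    return any(p.search(key) for p in compiled)


def collect_secret_values(obj: Any, compiled: List[Pattern], found: Set[str] = None) -> Set[str]:
    """Recursively gather the string values stored under sensitive keys."""
    if found is None:
        found = set()
    if isinstance(obj, Mapping):
        for k, v in obj.items():
            if isinstance(v, (Mapping, list)):
                collect_secret_values(v, compiled, found)
            elif is_sensitive_key(str(k), compiled) and isinstance(v, str) and v:
                found.add(v)
    elif isinstance(obj, list):
        for v in obj:
            collect_secret_values(v, compiled, found)
    return found


def _scrub(text: str, secrets: Set[str], mask: str) -> str:
    # Longest secrets first, so a secret that is a prefix of another one
    # cannot leave a partial value behind.
    for s in sorted(secrets, key=len, reverse=True):
        text = text.replace(s, mask)
    return text


def _redact(obj: Any, compiled: List[Pattern], secrets: Set[str], mask: str) -> Any:
    if isinstance(obj, Mapping):
        out = {}
        for k, v in obj.items():
            if isinstance(v, (Mapping, list)):
                out[k] = _redact(v, compiled, secrets, mask)
            elif is_sensitive_key(str(k), compiled):
                out[k] = mask                      # key-based rule from the ticket
            elif isinstance(v, str):
                out[k] = _scrub(v, secrets, mask)  # value echoed elsewhere
            else:
                out[k] = v
        return out
    if isinstance(obj, list):
        return [_redact(v, compiled, secrets, mask) for v in obj]
    if isinstance(obj, str):
        return _scrub(obj, secrets, mask)
    return obj


def redact(obj: Any, patterns: Iterable[str] = DEFAULT_PATTERNS, mask: str = DEFAULT_MASK) -> Any:
    """Return a redacted copy of obj; the input is left untouched."""
    compiled = _compile(patterns)
    secrets = collect_secret_values(obj, compiled)
    return _redact(obj, compiled, secrets, mask)


if __name__ == "__main__":
    import json
    print(json.dumps(redact(SAMPLE_INFO), indent=2))
```

Two design points worth noting. The key match is a substring regex, so `keyStorePassword`, `trustStorePassword` and `solr.jetty.keystore.password` all fall under the single default rule without enumerating them; adding a pattern such as `r"^jetty\.port$"` to `patterns` masks a key that carries no "password" hint at all. The value scrub is deliberately applied only to values found under sensitive keys, and a very short or common secret value (say a single digit) would be replaced wherever it happens to occur, which is noisy but errs on the side of not leaking.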



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)