[ 
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15932884#comment-15932884
 ] 

Shawn Heisey commented on SOLR-7896:
------------------------------------

Been a while since I said anything on this issue.  I have skimmed the newest 
comments, but haven't read them in-depth.

For security on the admin UI, do we want basic authentication, or do we want to 
use a form-and-cookie approach like the vast majority of web applications?  
HTTP basic authentication is probably the only sane choice for the API, though.

Enabling SSL out of the box still seems like a bad idea, and enabling 
authentication on the API by default also seems like a bad idea.  Requiring 
authentication out of the box for the admin UI, probably with cookies, doesn't 
seem quite so insane, though.  It might be the sort of thing where no password 
exists initially, but the first time you access the UI, it forces you to set 
one.  In cloud mode, that would probably update ZooKeeper, affecting all Solr 
instances.

What would be really nice to have is the ability to enable/disable and 
configure API authentication within the admin UI.


> Add a login page for Solr Administrative Interface
> --------------------------------------------------
>
>                 Key: SOLR-7896
>                 URL: https://issues.apache.org/jira/browse/SOLR-7896
>             Project: Solr
>          Issue Type: New Feature
>          Components: Admin UI, security
>    Affects Versions: 5.2.1
>            Reporter: Aaron Greenspan
>              Labels: authentication, login, password
>
> Out of the box, the Solr Administrative interface should require a password 
> that the user is required to set.


