[jira] [Updated] (SOLR-11650) Credentials used for BasicAuth displayed in clear text on slave nodes

Thu, 16 Nov 2017 03:02:31 -0800 

     [ 
https://issues.apache.org/jira/browse/SOLR-11650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Constantin Bugneac updated SOLR-11650:
--------------------------------------
    Description: 
Pre-requisites:

Have in place Solr configured in master slave replication with BasicAuth 
enabled.

Issue: 

In UI on slave (under Replication tab of core) the master url is displayed with 
username and password used for BasicAuth in clear text.

Example:
master url:https://solr:[email protected]:8983/solr/mycore
(see attached the screenshot)

Suggestion/Idea:

At least mask the password with  *******

  was:
Pre-requisites:

Have in place Solr configured in master slave replication with BasicAuth 
enabled.

Issue: 

In UI on slave (under Replication tab of core) the master url is displayed with 
username and password used for BasicAuth in clear text.

Example:
master url:https://solr:[email protected]:8983/solr/mycore

Suggestion/Idea:

At least mask the password with  *******


> Credentials used for BasicAuth displayed in clear text on slave nodes
> ---------------------------------------------------------------------
>
>                 Key: SOLR-11650
>                 URL: https://issues.apache.org/jira/browse/SOLR-11650
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Authentication
>    Affects Versions: 6.6.2
>            Reporter: Constantin Bugneac
>            Priority: Critical
>         Attachments: Screen Shot 2017-11-16 at 10.48.38.png
>
>
> Pre-requisites:
> Have in place Solr configured in master slave replication with BasicAuth 
> enabled.
> Issue: 
> In UI on slave (under Replication tab of core) the master url is displayed 
> with username and password used for BasicAuth in clear text.
> Example:
> master url:https://solr:[email protected]:8983/solr/mycore
> (see attached the screenshot)
> Suggestion/Idea:
> At least mask the password with  *******



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to