[ https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16419378#comment-16419378 ]

Aaron Greenspan commented on SOLR-7896:
---------------------------------------

Here's how I'd like Solr to work. When installing it fresh (no content), the 
first thing you have to do is go to the UI and set an admin password. Once 
you've done that, you should be given a choice to leave your API wide open (how 
it works now, firewalls aside), or generate a security key that in the future 
gets passed to every API request as an HTTP GET variable. If you don't pass the 
key and it's set to be required, the API request fails. If you pass the wrong 
key and it's required, the API request fails. If you pass the right key and 
it's required, or if no key is required, you get results back. You can change 
the security key settings in the admin UI by signing in with your username and 
password. Potentially, you could have different security keys for different use 
cases, and track their usage.

I have no experience as a Solr Java developer so maybe doing this is impossible 
or just merely difficult. But it would bring Solr in line with almost every 
other enterprise software product I've ever used.

> Add a login page for Solr Administrative Interface
> --------------------------------------------------
>
>                 Key: SOLR-7896
>                 URL: https://issues.apache.org/jira/browse/SOLR-7896
>             Project: Solr
>          Issue Type: New Feature
>          Components: Admin UI, security
>    Affects Versions: 5.2.1
>            Reporter: Aaron Greenspan
>            Priority: Major
>              Labels: authentication, login, password
>
> Out of the box, the Solr Administrative interface should require a password 
> that the user is required to set.


