Jan Høydahl created SOLR-12976:
----------------------------------
Summary: Unify RedactionUtils and metrics hiddenSysProps settings
Key: SOLR-12976
URL: https://issues.apache.org/jira/browse/SOLR-12976
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Components: security
Reporter: Jan Høydahl
System properties can contain sensitive data, and they are easily available
from the Admin UI (/admin/info/system) and also from the Metrics API
(/admin/metrics).
By default the {{/admin/info/system}} redacts any sys prop with a key
containing *password*. This can be configured with sysprop
{{-Dsolr.redaction.system.pattern=<regex>}}
The metrics API by default hides these sysprops from the API output:
{code:java}
"javax.net.ssl.keyStorePassword",
"javax.net.ssl.trustStorePassword",
"basicauth",
"zkDigestPassword",
"zkDigestReadonlyPassword"
{code}
You can redefine these by adding a section to {{solr.xml}}:
{code:xml}
<metrics>
  <hiddenSysProps>
    <str>foo</str>
    <str>bar</str>
    <str>baz</str>
  </hiddenSysProps>
</metrics>
{code}
h2. Unifying the two
It is not very user friendly to have two different systems for redacting
system properties and two sets of defaults. The goals of this issue are:
* Keep only one set of defaults
* Both metrics and system info handler will use the same source
* It should be possible to change and persist the list without a full cluster
restart, preferably through some API
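The gap between the two default rule sets described in the issue, as an added example (not Solr code and not part of the original message). It assumes the "key containing password" rule is a case-insensitive regex search and that the metrics list matches exact property names. The sample properties and the function names `exposure` and `inconsistent` are constructed for illustration.

```python
import re

# Defaults as listed in the issue text above.
METRICS_HIDDEN_DEFAULT = {
    "javax.net.ssl.keyStorePassword",
    "javax.net.ssl.trustStorePassword",
    "basicauth",
    "zkDigestPassword",
    "zkDigestReadonlyPassword",
}
# Assumption: "key containing password" modelled as a case-insensitive search.
INFO_PATTERN_DEFAULT = r"password"


def exposure(sysprops, pattern=INFO_PATTERN_DEFAULT, hidden=METRICS_HIDDEN_DEFAULT):
    """Return {endpoint: sorted keys shown in clear text} under each rule set."""
    rx = re.compile(pattern, re.IGNORECASE)
    info_clear = {k for k in sysprops if not rx.search(k)}
    metrics_clear = {k for k in sysprops if k not in hidden}
    return {
        "/admin/info/system": sorted(info_clear),
        "/admin/metrics": sorted(metrics_clear),
    }


def inconsistent(sysprops, **kw):
    """Keys that only one of the two mechanisms protects."""
    e = exposure(sysprops, **kw)
    return sorted(set(e["/admin/info/system"]) ^ set(e["/admin/metrics"]))


# Constructed sample; values are placeholders, not real secrets.
SAMPLE = {
    "javax.net.ssl.keyStorePassword": "x",
    "basicauth": "user:x",
    "zkDigestPassword": "x",
    "db.password": "x",  # hypothetical application property
    "solr.log.dir": "/var/solr/logs",
}

if __name__ == "__main__":
    for key in inconsistent(SAMPLE):
        print("protected by only one endpoint:", key)
```

Running the same check against a node's real property names, with the configured pattern and `hiddenSysProps` list passed in, shows which keys need to be added to one rule set or the other until the two are unified.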