[
https://issues.apache.org/jira/browse/SOLR-13345?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16817331#comment-16817331
]
Jan Høydahl commented on SOLR-13345:
------------------------------------
{quote}One could argue that we could set the initial password to "password" or
"12345",
{quote}
Or generate a strong password in the first place, and communicate this to the
customer in the welcome email?
There is a clear benefit in not allowing empty password in UI, that if you
accidentally hit Enter after username, the UI will not send the form until you
enter a pw.
Also, {{bin/solr auth}} does not either support empty password, so if it was to
be allowed, the whole system would need to prepare for it.
{code:java}
$ bin/solr auth enable -credentials solr: -blockUnknown true
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 1
at
org.apache.solr.util.SolrCLI$AuthTool.handleBasicAuth(SolrCLI.java:4305){code}
> Admin UI login page doesn't accept empty passwords
> --------------------------------------------------
>
> Key: SOLR-13345
> URL: https://issues.apache.org/jira/browse/SOLR-13345
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Admin UI
> Affects Versions: 7.7, 8.0
> Reporter: Märt
> Priority: Minor
>
> In solr 7.6 and older, it was possible to log in with an empty password using
> basic auth. The new Admin UI login page implemented in SOLR-7896 no longer
> accepts empty passwords.
> This issue was discussed in the solr-user mailing list
> http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201903.mbox/%3C7629BDDD-3D22-4203-9188-0E0A8DCF2FEE%40cominvent.com%3E
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
