[ https://issues.apache.org/jira/browse/SOLR-8756?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16817386#comment-16817386 ]
Jan Høydahl commented on SOLR-8756:
-----------------------------------
Have a look at SOLR-12778 which is a proposed fix for the pw leak. It will use
encrypted passwords.
> Need 4 config
> "zkDigestUsername"/"zkDigestPassword"/"zkDigestReadonlyUsername"/"zkDigestReadonlyUsername"
> in solr.xml
> ---------------------------------------------------------------------------------------------------------------------
>
> Key: SOLR-8756
> URL: https://issues.apache.org/jira/browse/SOLR-8756
> Project: Solr
> Issue Type: Bug
> Components: security, SolrCloud
> Affects Versions: 5.3.1
> Environment: Linux 64bit
> Reporter: Forest Soup
> Priority: Major
> Labels: security
>
> Need 4 configs in <solrhome>/solr.xml instead of -D parameters in solr.in.sh,
> like below:
> <solr>
>   <solrcloud>
>     <str name="zkDigestUsername">zkusername</str>
>     <str name="zkDigestPassword">zkpassword</str>
>     <str name="zkDigestReadonlyUsername">zkreadonlyusername</str>
>     <str name="zkDigestReadonlyUsername">readonlypassword</str>
> ...
> Otherwise, any user can use the Linux "ps" command to show the full command
> line, including the plain-text ZooKeeper username and password. If we use a
> file to store them, we can control access to the file so as not to leak the
> username/password.
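An added audit sketch for the exposure described in the issue, not part of the JIRA thread or of Solr's code: it finds processes whose command line carries a `-DzkDigest*=...` value, produces a redacted copy of the arguments for logging, and checks that a credentials file is readable by its owner only. The function names, the sample command line and the `****` mask are assumptions made for this example.

```python
import os
import re
import stat

# Matches the zkDigest* properties named in the issue when passed as JVM -D arguments.
ZK_PROP = re.compile(r"^-D(zkDigest\w+)=(.*)$", re.DOTALL)

def parse_cmdline(raw):
    """Split a /proc/<pid>/cmdline blob (NUL-separated argv) into arguments."""
    return [a.decode("utf-8", "replace") for a in raw.split(b"\0") if a]

def exposed_props(argv):
    """Names of zkDigest* properties whose values are visible on the command line."""
    return [m.group(1) for a in argv if (m := ZK_PROP.match(a)) and m.group(2)]

def redact(argv):
    """Copy of argv that is safe to log: the property values are masked."""
    return [ZK_PROP.sub(r"-D\1=****", a) for a in argv]

def scan_proc(proc_root="/proc"):
    """Map PID -> exposed property names for every process we are able to read."""
    findings = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                names = exposed_props(parse_cmdline(fh.read()))
        except OSError:  # process exited meanwhile, or access denied
            continue
        if names:
            findings[int(entry)] = names
    return findings

def is_private(path):
    """True if path is a regular file with no group/other permission bits set."""
    st = os.stat(path)
    return stat.S_ISREG(st.st_mode) and (st.st_mode & 0o077) == 0

# Constructed sample: argv of a JVM started with the credentials as -D parameters.
SAMPLE = (b"java\0-DzkDigestUsername=zkusername\0"
          b"-DzkDigestPassword=zkpassword\0-jar\0start.jar\0")

if __name__ == "__main__":
    print(redact(parse_cmdline(SAMPLE)))
    if os.path.isdir("/proc"):
        for pid, names in scan_proc().items():
            print(f"pid {pid}: visible in command line: {', '.join(names)}")
```
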