[
https://issues.apache.org/jira/browse/TIKA-3725?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17536596#comment-17536596
]
Tim Allison commented on TIKA-3725:
-----------------------------------
The main disadvantage I see is adding another dependency from jar
size/complexity perspective and from a security perspective. We can add the
"stop" command so that we get the service. We have basic tls/ssl now. Auth is
complex if we need to offer everything...do we? Whitelists/include lists
should be handled sufficiently by two way tls, no?
Fellow devs, what do you all think?
> Add Authorization to Tika Server (Suggest Basic to start off with)
> ------------------------------------------------------------------
>
> Key: TIKA-3725
> URL: https://issues.apache.org/jira/browse/TIKA-3725
> Project: Tika
> Issue Type: New Feature
> Components: tika-server
> Affects Versions: 2.3.0
> Reporter: Dan Coldrick
> Priority: Minor
>
> I would be good to get some Authentication/Authorization added to TIKA server
> to be able to add another layer of security around the Tika Server Rest
> service.
> This could become a rabbit hole with the number of options available around
> Authentication/Authorization (Oauth, OpenId etc) so suggest as a starter
> basic Auth is added.
> How to store user(s)/password suggest looking at how other apache products do
> the same?
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
