[ 
https://issues.apache.org/jira/browse/SOLR-13972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16988930#comment-16988930
 ] 

Jason Gerlowski commented on SOLR-13972:
----------------------------------------

That's the way I've ended up going.  The warnings now appear in solr.log and 
look like:

{code}
WARN  (main) [   ] o.a.s.c.CoreContainer Not all security plugins configured!  
authentication=disabled authorization=disabled.  Solr is only as secure as you 
make it. Consider configuring authentication/authorization before exposing Solr 
to users internal or external.  See 
https://lucene.apache.org/solr/guide/authentication-and-authorization-plugins.html
 for more info
{code}

and

{code}
WARN  (main) [   ] o.a.s.c.CoreContainer Solr authentication is enabled, but 
SSL is off.  Consider enabling SSL to protect user credentials and data with 
encryption.
{code}

Anyone have any other suggestions/feedback?  Will look to commit in a few days 
otherwise since this is pretty straightforward.

> Insecure Solr should generate startup warning
> ---------------------------------------------
>
>                 Key: SOLR-13972
>                 URL: https://issues.apache.org/jira/browse/SOLR-13972
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Ishan Chattopadhyaya
>            Priority: Critical
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Warning to the effect of, start Solr with: "solr auth enable -credentials 
> solr:foo -blockUnknown true" (or some other way to achieve the same effect) 
> if you want to expose this Solr instance directly to users. Maybe the link to 
> the ref guide discussing all this might be in good measure here.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
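
A log check for the two startup warnings quoted in the comment above, as an added example that is not part of the original message or of Solr's code. The function name, the finding labels, the timestamp prefix and the `authentication=enabled` variant in the sample are assumptions; only the message texts come from the quoted output.

```python
import re

# Message texts as quoted in the comment; \s+ tolerates the double spaces.
PLUGINS_RE = re.compile(
    r"Not all security plugins configured!\s+"
    r"authentication=(?P<authn>\w+)\s+authorization=(?P<authz>\w+)"
)
NO_SSL_RE = re.compile(r"Solr authentication is enabled, but\s+SSL is off")
# Level and abbreviated logger name as they appear in the quoted output.
SOURCE_RE = re.compile(r"\bWARN\b.*\bo\.a\.s\.c\.CoreContainer\b")


def scan_solr_log(lines):
    """Return one finding per startup security warning found in `lines`."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        if not SOURCE_RE.search(line):
            continue  # ignore other levels and other loggers
        m = PLUGINS_RE.search(line)
        if m:
            missing = [
                plugin
                for plugin, key in (("authentication", "authn"),
                                    ("authorization", "authz"))
                if m.group(key) == "disabled"
            ]
            findings.append({"line": lineno, "issue": "plugins-missing",
                             "missing": missing})
        elif NO_SSL_RE.search(line):
            findings.append({"line": lineno, "issue": "auth-without-ssl",
                             "missing": ["ssl"]})
    return findings


# Constructed sample input (timestamps and lines 1 and 4 are assumptions).
SAMPLE_LOG = [
    "2019-12-05 10:00:00.000 INFO  (main) [   ] o.a.s.c.CoreContainer constructed non-warning line",
    "2019-12-05 10:00:01.000 WARN  (main) [   ] o.a.s.c.CoreContainer Not all security plugins configured!  "
    "authentication=disabled authorization=disabled.  Solr is only as secure as you make it.",
    "WARN  (main) [   ] o.a.s.c.CoreContainer Solr authentication is enabled, but SSL is off.  "
    "Consider enabling SSL to protect user credentials and data with encryption.",
    "WARN  (main) [   ] o.a.s.c.CoreContainer Not all security plugins configured!  "
    "authentication=enabled authorization=disabled.",
]

if __name__ == "__main__":
    for finding in scan_solr_log(SAMPLE_LOG):
        print(finding)
```
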
