[ https://issues.apache.org/jira/browse/SOLR-14158?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Noble Paul updated SOLR-14158:
------------------------------
    Description: 
The security of the package system relies on securing ZK. It's much easier for 
users to secure the file system than to secure ZK.

We provide an option to read public keys from the file store. The default 
behavior will be to read from ZK.
The nodes must be started with {{-Dpkg.keys=filestore}}.

This will
 * disable the remote {{PUT /api/cluster/files}}
 * The CLI will write the keys directly to the 
{{<SOLR_HOME>/filestore/_trusted_keys/}} dir
 * The CLI directly writes the package artifacts to the local Solr and asks 
other nodes to fetch from this node. Nobody can upload executable jars over a 
remote call
 * Keys stored in ZK will not be used or trusted. So nobody can attack the 
cluster by publishing a malicious key into Solr

  was:
The security of the package system relies on securing ZK. It's much easier for 
users to secure the file system than to secure ZK.

This will
* disable the remote {{PUT /api/cluster/files}} by default
* The CLI will write the keys directly to the 
{{<SOLR_HOME>/filestore/_trusted_keys/}} dir
* The CLI directly writes the package artifacts to the local Solr and asks 
other nodes to fetch from this node. Nobody can upload executable jars over a 
remote call
* Keys stored in ZK will not be used or trusted. So nobody can attack the 
cluster by publishing a malicious key into Solr


> package manager to read keys from packagestore and not ZK 
> ----------------------------------------------------------
>
>                 Key: SOLR-14158
>                 URL: https://issues.apache.org/jira/browse/SOLR-14158
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: packages
>            Reporter: Noble Paul
>            Assignee: Noble Paul
>            Priority: Major
>              Labels: packagemanager

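With this option the trust anchor moves from ZK to the local file system, so the permissions on the key directory become the control to verify. The following is an added example, not code from the issue or from Solr: it audits `<SOLR_HOME>/filestore/_trusted_keys/` and its parent directories for unexpected owners, symlinks and group/world-writable entries. The function names, the expected-owner rule and the sample file names are assumptions.

```python
import os
import stat
import tempfile

# Assumption: only the directory layout comes from the issue text
# (<SOLR_HOME>/filestore/_trusted_keys/); all names below are hypothetical.
KEYS_SUBPATH = os.path.join("filestore", "_trusted_keys")
LOOSE_BITS = stat.S_IWGRP | stat.S_IWOTH  # writable by group or by others


def audit_trusted_keys(solr_home, expected_uid=None):
    """Return a sorted list of (path, problem) findings for the key store."""
    expected_uid = os.getuid() if expected_uid is None else expected_uid
    keys_dir = os.path.join(solr_home, KEYS_SUBPATH)
    if not os.path.isdir(keys_dir):
        return [(keys_dir, "missing")]
    # A writable ancestor lets someone swap the whole directory, so check
    # solr_home and filestore as well as the key files themselves.
    targets = [solr_home, os.path.join(solr_home, "filestore"), keys_dir]
    for root, dirs, files in os.walk(keys_dir):
        targets += [os.path.join(root, name) for name in dirs + files]
    findings = []
    for path in targets:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink"))
            continue
        if st.st_uid != expected_uid:
            findings.append((path, "unexpected owner"))
        if st.st_mode & LOOSE_BITS:
            findings.append((path, "group/world writable"))
    return sorted(findings)


def demo():
    """Build a constructed SOLR_HOME with one loose key file and audit it."""
    with tempfile.TemporaryDirectory() as home:
        keys = os.path.join(home, KEYS_SUBPATH)
        os.makedirs(keys)
        for d in (home, os.path.join(home, "filestore"), keys):
            os.chmod(d, 0o750)
        for name, mode in (("good.der", 0o640), ("bad.der", 0o666)):
            path = os.path.join(keys, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample, not a real key")
            os.chmod(path, mode)
        return [(os.path.basename(p), why) for p, why in audit_trusted_keys(home)]


if __name__ == "__main__":
    print(demo())
```

Run `audit_trusted_keys` as the account that owns the Solr installation, or pass that account's uid as `expected_uid`; an empty list means no finding.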

