[
https://issues.apache.org/jira/browse/SOLR-10100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17434411#comment-17434411
]
Jan Høydahl commented on SOLR-10100:
------------------------------------
In SOLR-7890 we require CONFIG_READ_PERM to access /admin/zookeeper and if you
request the file content of /security.json, we require SECURITY_READ_PERM. We
still list the file, but you'll get a 403 when attempting to read it. I think
this will solve the intent of this issue. Perhaps some extra code in UI is
needed to give a sane message whenever someone clicks security.json in UI
without proper permission. The best thing to do would be to print a red text
"You need bla bla to access this file".
> Hiding credentials from security.json when retrieving through /admin/zookeeper
> ------------------------------------------------------------------------------
>
> Key: SOLR-10100
> URL: https://issues.apache.org/jira/browse/SOLR-10100
> Project: Solr
> Issue Type: Improvement
> Components: security
> Reporter: Mano Kovacs
> Assignee: Jan Høydahl
> Priority: Major
>
> {{/admin/zookeeper}} API is currently exposing {{security.json}} as-is, which
> can contain security credentials as well.
> Proposing a configurable list for hiding elements of {{security.json}} when
> loaded through {{/admin/zookeeper}}.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
