[
https://issues.apache.org/jira/browse/SOLR-12976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jan Høydahl resolved SOLR-12976.
--------------------------------
Resolution: Done
This is done elsewhere
> Unify RedactionUtils and metrics hiddenSysProps settings
> --------------------------------------------------------
>
> Key: SOLR-12976
> URL: https://issues.apache.org/jira/browse/SOLR-12976
> Project: Solr
> Issue Type: Improvement
> Components: security
> Reporter: Jan Høydahl
> Priority: Major
>
> System properties can contain sensitive data, and they are easily available
> from the Admin UI (/admin/info/system) and also from the Metrics API
> (/admin/metrics).
> By default the {{/admin/info/system}} redacts any sys prop with a key
> containing *password*. This can be configured with sysprop
> {{-Dsolr.redaction.system.pattern=<regex>}}
> The metrics API by default hides these sysprops from the API output:
> {code:java}
> "javax.net.ssl.keyStorePassword",
> "javax.net.ssl.trustStorePassword",
> "basicauth",
> "zkDigestPassword",
> "zkDigestReadonlyPassword"
> {code}
> You can redefine these by adding a section to {{solr.xml}}:
> ([https://lucene.apache.org/solr/guide/7_5/metrics-reporting.html#the-metrics-hiddensysprops-element])
> {code:xml}
> <metrics>
>   <hiddenSysProps>
>     <str>foo</str>
>     <str>bar</str>
>     <str>baz</str>
>   </hiddenSysProps>
> </metrics>
> {code}
> h2. Unifying the two
> It is not very user friendly to have two different systems for redacting
> system properties and two sets of defaults. The goals of this issue are:
> * Keep only one set of defaults
> * Both metrics and system info handler will use the same source
> * It should be possible to change and persist the list without a full
> cluster restart, preferably through some API
> Note that the {{solr.redaction.system.pattern}} property is not documented in
> the ref guide, so this Jira should also fix documentation!
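The gap between the two mechanisms described in the issue can be checked against a node's system property names. The following is an added example, not code from Solr or from the issue. It assumes the system info handler's rule behaves as a case-insensitive regex search for "password" on the key and that the metrics hidden list is matched by exact key name; the sample properties and the `coverage_gaps` helper are constructed for illustration.

```python
import re

# Default hidden list for the Metrics API, as quoted in the issue.
METRICS_HIDDEN = frozenset({
    "javax.net.ssl.keyStorePassword",
    "javax.net.ssl.trustStorePassword",
    "basicauth",
    "zkDigestPassword",
    "zkDigestReadonlyPassword",
})

# Assumption: "key containing password" modelled as a case-insensitive search.
SYSTEM_INFO_PATTERN = re.compile(r"password", re.IGNORECASE)


def hidden_by_system_info(key, pattern=SYSTEM_INFO_PATTERN):
    """True if /admin/info/system would redact this key under the regex rule."""
    return pattern.search(key) is not None


def hidden_by_metrics(key, hidden=METRICS_HIDDEN):
    """True if /admin/metrics would hide this key (assumed exact-name match)."""
    return key in hidden


def coverage_gaps(keys, pattern=SYSTEM_INFO_PATTERN, hidden=METRICS_HIDDEN):
    """Map each key protected by only one mechanism to the endpoint exposing it."""
    gaps = {}
    for key in keys:
        by_info = hidden_by_system_info(key, pattern)
        by_metrics = hidden_by_metrics(key, hidden)
        if by_info and not by_metrics:
            gaps[key] = "/admin/metrics"
        elif by_metrics and not by_info:
            gaps[key] = "/admin/info/system"
    return gaps


# Constructed sample of system property names (not taken from a real node).
SAMPLE_KEYS = [
    "javax.net.ssl.keyStorePassword",  # covered by both mechanisms
    "basicauth",                       # on the metrics list, no "password" in key
    "db.password",                     # hypothetical custom property
    "solr.data.home",                  # not treated as sensitive by either rule
]

if __name__ == "__main__":
    for key, endpoint in coverage_gaps(SAMPLE_KEYS).items():
        print(f"{key}: still visible via {endpoint}")
```

An empty result from `coverage_gaps` means both endpoints treat the given keys the same way; it does not show that every sensitive property is covered.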