[ https://issues.apache.org/jira/browse/SOLR-16809?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Houston Putman updated SOLR-16809:
----------------------------------
Security: (was: Private (Security Issue))
> Converge sysProp redaction logic in PropertiesRequestHandler and MetricsAPI
> ---------------------------------------------------------------------------
>
> Key: SOLR-16809
> URL: https://issues.apache.org/jira/browse/SOLR-16809
> Project: Solr
> Issue Type: Bug
> Components: metrics
> Reporter: Houston Putman
> Assignee: Houston Putman
> Priority: Major
> Fix For: 9.3
>
> Attachments: SOLR-16809-1.patch, SOLR-16809.patch
>
>
> Currently there are two APIs to get the sysProps from a Solr process.
> * /admin/info/properties
> * /admin/info/metrics
> Unfortunately the logic for redacting sensitive information is different and
> configured separately for these two endpoints.
> For /admin/info/properties redaction occurs if
> "solr.redaction.system.enabled" is set to true, which it is by default. Then
> a reg-ex matcher for the sysProp key can be configured by
> "solr.redaction.system.pattern", and the default is ".*password.*"
> (case-insensitive).
> For /admin/info/metrics, redaction always occurs. The default list of
> sensitive properties is:
> * "javax.net.ssl.keyStorePassword"
> * "javax.net.ssl.trustStorePassword"
> * "basicauth"
> * "zkDigestPassword"
> * "zkDigestReadonlyPassword"
> * "aws.secretKey" // AWS SDK v1
> * "aws.secretAccessKey" // AWS SDK v2
> * "http.proxyPassword"
> Notice that a few of these do not include the word "password". So the
> "basicauth" and "aws.secretKey" and "aws.secretAccessKey" options will be
> passed to the AdminUI by default.
> I suggest that we merge the logic between these two and have them be
> configurable the same way. I think having this list is important, but also
> having a blanket "*(password|secret)*" filter is also safe.
> Unfortunately the Metrics API redaction list is only configurable in the
> solr.xml under the <metrics> tag, which doesn't really apply to
> /info/properties. So we will probably want to move that out from metrics
> (back-compat for 9x of course) and add an envVar/sysProp that will make it
> easier for users to configure.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)