[jira] [Updated] (SOLR-7889) Secure ZooKeeper should be easy and the default

2015-08-07 Thread JIRA 

 [ 
https://issues.apache.org/jira/browse/SOLR-7889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jan Høydahl updated SOLR-7889:
--
Description: 
ZooKeeper security is documented at 
https://cwiki.apache.org/confluence/display/solr/ZooKeeper+Access+Control but 
is not trivial to setup, see http://search-lucene.com/m/eHNlqr6EnMrP6O

As we enable more and more security stuff, securing ZK should be easier to do 
and ideally the default. This is an umbrella for such improvements.

When all of this is in place and working, perhaps even Solr should refuse to 
start if Auth/Autz plugins are in use and ZK communication is not properly 
protected, e.g. require {{bin/solr start --insecure}} to override.

  was:
ZooKeeper security is documented at 
https://cwiki.apache.org/confluence/display/solr/ZooKeeper+Access+Control but 
is not trivial to setup, see http://search-lucene.com/m/eHNlqr6EnMrP6O

As we enable more and more security stuff, securing ZK should be easier to do 
and ideally the default.

The {{DefaultZkACLProvider}} should by default require admin access for all 
operations including read of {{/security.json}}, and other sensitive paths. 
Today this is left to the user to implement.

Move manual env-var instructions from documentation into start scripts, with 
defaults for read-only and admin user passwords.

Perhaps even Solr should refuse to start if ZK communication is not ACL 
protected, encrypted and if default admin passwd is not changed. Overrideable 
with a new option {{bin/solr start --insecure}}

Let this JIRA be an umbrella for several child tasks.


 Secure ZooKeeper should be easy and the default
 ---

 Key: SOLR-7889
 URL: https://issues.apache.org/jira/browse/SOLR-7889
 Project: Solr
  Issue Type: Improvement
  Components: security
Reporter: Jan Høydahl
Priority: Critical
  Labels: security, zookeeper

 ZooKeeper security is documented at 
 https://cwiki.apache.org/confluence/display/solr/ZooKeeper+Access+Control but 
 is not trivial to setup, see http://search-lucene.com/m/eHNlqr6EnMrP6O
 As we enable more and more security stuff, securing ZK should be easier to do 
 and ideally the default. This is an umbrella for such improvements.
 When all of this is in place and working, perhaps even Solr should refuse to 
 start if Auth/Autz plugins are in use and ZK communication is not properly 
 protected, e.g. require {{bin/solr start --insecure}} to override.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Updated] (SOLR-7889) Secure ZooKeeper should be easy and the default

2015-08-06 Thread JIRA 

 [ 
https://issues.apache.org/jira/browse/SOLR-7889?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Jan Høydahl updated SOLR-7889:
--
Fix Version/s: (was: 5.4)
   (was: Trunk)

 Secure ZooKeeper should be easy and the default
 ---

 Key: SOLR-7889
 URL: https://issues.apache.org/jira/browse/SOLR-7889
 Project: Solr
  Issue Type: Improvement
  Components: security
Reporter: Jan Høydahl
Priority: Critical
  Labels: security, zookeeper

 ZooKeeper security is documented at 
 https://cwiki.apache.org/confluence/display/solr/ZooKeeper+Access+Control but 
 is not trivial to setup, see http://search-lucene.com/m/eHNlqr6EnMrP6O
 As we enable more and more security stuff, securing ZK should be easier to do 
 and ideally the default.
 The {{DefaultZkACLProvider}} should by default require admin access for all 
 operations including read of {{/security.json}}, and other sensitive paths. 
 Today this is left to the user to implement.
 Move manual env-var instructions from documentation into start scripts, with 
 defaults for read-only and admin user passwords.
 Perhaps even Solr should refuse to start if ZK communication is not ACL 
 protected, encrypted and if default admin passwd is not changed. Overrideable 
 with a new option {{bin/solr start --insecure}}
 Let this JIRA be an umbrella for several child tasks.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org