RE: Anyway to encrypt admin user plain text password in Solr
Thanks Jason for sharing the details. Regards, Vinodh -Original Message- From: Jason Gerlowski Sent: Friday, November 15, 2019 12:54 AM To: solr-user@lucene.apache.org Subject: Re: Anyway to encrypt admin user plain text password in Solr ATTENTION! This email originated outside of DTCC; exercise caution. Hi Vinodh, I don't know of any way to encrypt the credentials in "basicAuth.conf", and looking at the code that loads that file I don't see any logic to handle that sort of thing. So I'm near positive there's no way to avoid plaintext here. But, that said, I don't think this should really be that concerning. To read this file, an adversary would need (1) access to the machine Solr runs on and (2) access to the user/group running Solr. If an adversary has those two things, the credentials are besides the point. They could kill your Solr process directly. Or read the index data files directly. Or edit them. etc. There may be edge cases around using network drives or HDFS where encrypting this file is useful, I haven't thought that side of things through entirely. But for most use-cases I'm not sure encrypting basicAuth.conf provides anything beyond security theater. Best, Jason On Thu, Nov 14, 2019 at 9:49 AM Mark H. Wood wrote: > > On Thu, Nov 14, 2019 at 11:35:47AM +, Kommu, Vinodh K. wrote: > > We store the plain text password in basicAuth.conf file. This is a normal > > file & we are securing it only with 600 file permissions so that others > > cannot read it. We also run various solr APIs in our custom script for > > various purposes using curl commands which needs admin user credentials to > > perform operations. If admin credentials details from basicAuth.conf file > > or from curl commands are exposed/compromised, eventually any person within > > the organization who knows credentials can login to admin UI and perform > > any read/write operations. This is a concern and auditing issue as well. > > If the password is encrypted, then the decryption key must be supplied > before the password can be used. This leads to one of two unfortunate > situations: > > o The user must enter the decryption key every time. This defeats >the purpose of storing credentials at the client. > >- or - > > o The decryption key is stored at the client, making it a new secret >that must be protected (by encrypting it? you see where this is >going) > > There is no way around this. If the client system stores a full set > of credentials, then anyone with sufficient access to the client > system can get everything he needs to authenticate an identity, no > matter what you do. If the client system does not store a full set of > credentials, then the user must supply at least some of them whenever > they are needed. The best one can usually do is to reduce the > frequency at which some credential must be entered manually. > > Solr supplies several authentication mechanisms besides BasicAuth. > Would one of those serve? > > -- > Mark H. Wood > Lead Technology Analyst > > University Library > Indiana University - Purdue University Indianapolis > 755 W. Michigan Street > Indianapolis, IN 46202 > 317-274-0749 > https://nam02.safelinks.protection.outlook.com/?url=www.ulib.iupui.edu > &data=02%7C01%7Cvkommu%40dtcc.com%7C9dab071571614ae9dff508d7693853 > f6%7C0465519d7f554d47998b55e2a86f04a8%7C0%7C0%7C637093562958117939& > ;sdata=Q0881FOYJhLgLOPOiUUqSpY6UbbIw82vUmVlaSAx0AU%3D&reserved=0 DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
RE: Anyway to encrypt admin user plain text password in Solr
Thanks Jorn - will check out these options. Regards, Vinodh Kumar K Middleware Cache and Search Engineering DTCC Chennai -Original Message- From: Jörn Franke Sent: Friday, November 15, 2019 1:00 AM To: solr-user@lucene.apache.org Subject: Re: Anyway to encrypt admin user plain text password in Solr ATTENTION! This email originated outside of DTCC; exercise caution. Use Kerberos or JWT token. > Am 11.11.2019 um 11:41 schrieb Kommu, Vinodh K. : > > Hi, > > After creating admin user in Solr when security is enabled, we have to store > the admin user's credentials in plain text format. Is there any option or a > way to encrypt the plain text password? > > Thanks, > Vinodh > DTCC DISCLAIMER: This email and any files transmitted with it are > confidential and intended solely for the use of the individual or entity to > whom they are addressed. If you have received this email in error, please > notify us immediately and delete the email and any attachments from your > system. The recipient should check this email and any attachments for the > presence of viruses. The company accepts no liability for any damage caused > by any virus transmitted by this email. DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
Re: Anyway to encrypt admin user plain text password in Solr
Use Kerberos or JWT token. > Am 11.11.2019 um 11:41 schrieb Kommu, Vinodh K. : > > Hi, > > After creating admin user in Solr when security is enabled, we have to store > the admin user's credentials in plain text format. Is there any option or a > way to encrypt the plain text password? > > Thanks, > Vinodh > DTCC DISCLAIMER: This email and any files transmitted with it are > confidential and intended solely for the use of the individual or entity to > whom they are addressed. If you have received this email in error, please > notify us immediately and delete the email and any attachments from your > system. The recipient should check this email and any attachments for the > presence of viruses. The company accepts no liability for any damage caused > by any virus transmitted by this email.
Re: Anyway to encrypt admin user plain text password in Solr
Hi Vinodh, I don't know of any way to encrypt the credentials in "basicAuth.conf", and looking at the code that loads that file I don't see any logic to handle that sort of thing. So I'm near positive there's no way to avoid plaintext here. But, that said, I don't think this should really be that concerning. To read this file, an adversary would need (1) access to the machine Solr runs on and (2) access to the user/group running Solr. If an adversary has those two things, the credentials are besides the point. They could kill your Solr process directly. Or read the index data files directly. Or edit them. etc. There may be edge cases around using network drives or HDFS where encrypting this file is useful, I haven't thought that side of things through entirely. But for most use-cases I'm not sure encrypting basicAuth.conf provides anything beyond security theater. Best, Jason On Thu, Nov 14, 2019 at 9:49 AM Mark H. Wood wrote: > > On Thu, Nov 14, 2019 at 11:35:47AM +, Kommu, Vinodh K. wrote: > > We store the plain text password in basicAuth.conf file. This is a normal > > file & we are securing it only with 600 file permissions so that others > > cannot read it. We also run various solr APIs in our custom script for > > various purposes using curl commands which needs admin user credentials to > > perform operations. If admin credentials details from basicAuth.conf file > > or from curl commands are exposed/compromised, eventually any person within > > the organization who knows credentials can login to admin UI and perform > > any read/write operations. This is a concern and auditing issue as well. > > If the password is encrypted, then the decryption key must be supplied > before the password can be used. This leads to one of two unfortunate > situations: > > o The user must enter the decryption key every time. This defeats >the purpose of storing credentials at the client. > >- or - > > o The decryption key is stored at the client, making it a new secret >that must be protected (by encrypting it? you see where this is >going) > > There is no way around this. If the client system stores a full set > of credentials, then anyone with sufficient access to the client > system can get everything he needs to authenticate an identity, no > matter what you do. If the client system does not store a full set of > credentials, then the user must supply at least some of them whenever > they are needed. The best one can usually do is to reduce the > frequency at which some credential must be entered manually. > > Solr supplies several authentication mechanisms besides BasicAuth. > Would one of those serve? > > -- > Mark H. Wood > Lead Technology Analyst > > University Library > Indiana University - Purdue University Indianapolis > 755 W. Michigan Street > Indianapolis, IN 46202 > 317-274-0749 > www.ulib.iupui.edu
Re: Anyway to encrypt admin user plain text password in Solr
On Thu, Nov 14, 2019 at 11:35:47AM +, Kommu, Vinodh K. wrote: > We store the plain text password in basicAuth.conf file. This is a normal > file & we are securing it only with 600 file permissions so that others > cannot read it. We also run various solr APIs in our custom script for > various purposes using curl commands which needs admin user credentials to > perform operations. If admin credentials details from basicAuth.conf file or > from curl commands are exposed/compromised, eventually any person within the > organization who knows credentials can login to admin UI and perform any > read/write operations. This is a concern and auditing issue as well. If the password is encrypted, then the decryption key must be supplied before the password can be used. This leads to one of two unfortunate situations: o The user must enter the decryption key every time. This defeats the purpose of storing credentials at the client. - or - o The decryption key is stored at the client, making it a new secret that must be protected (by encrypting it? you see where this is going) There is no way around this. If the client system stores a full set of credentials, then anyone with sufficient access to the client system can get everything he needs to authenticate an identity, no matter what you do. If the client system does not store a full set of credentials, then the user must supply at least some of them whenever they are needed. The best one can usually do is to reduce the frequency at which some credential must be entered manually. Solr supplies several authentication mechanisms besides BasicAuth. Would one of those serve? -- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu signature.asc Description: PGP signature
RE: Anyway to encrypt admin user plain text password in Solr
Thank you @Jason for responding. We store the plain text password in basicAuth.conf file. This is a normal file & we are securing it only with 600 file permissions so that others cannot read it. We also run various solr APIs in our custom script for various purposes using curl commands which needs admin user credentials to perform operations. If admin credentials details from basicAuth.conf file or from curl commands are exposed/compromised, eventually any person within the organization who knows credentials can login to admin UI and perform any read/write operations. This is a concern and auditing issue as well. Regards, Vinodh -Original Message- From: Jason Gerlowski Sent: Thursday, November 14, 2019 6:38 AM To: solr-user@lucene.apache.org Subject: Re: Anyway to encrypt admin user plain text password in Solr ATTENTION! This email originated outside of DTCC; exercise caution. Hi, To clarify, Solr credentials are stored and shown in a few different places. In some situations the password might live in your "solr.in.sh" file. It also might live in a separate basicAuth.conf file. If you're using SolrCloud, the password might appear in Solr's Admin UI (depending on your version of Solr). The password is also stored in ZooKeeper. Some of these locations already store the credentials in an encrypted form. Other locations are only problematic if attackers have access to the disk that Solr is running on, at which point you have much bigger problems. If you can be more specific about the exposure you're concerned about, we can discuss whether there's an actual security concern there and how to work around it. Best, Jason On Wed, Nov 13, 2019 at 11:22 AM Kommu, Vinodh K. wrote: > > Does anyone have an any idea on this? If so, please help. > > Thanks > From: Kommu, Vinodh K. > Sent: Monday, November 11, 2019 4:11 PM > To: solr-user@lucene.apache.org > Subject: Anyway to encrypt admin user plain text password in Solr > > Hi, > > After creating admin user in Solr when security is enabled, we have to store > the admin user's credentials in plain text format. Is there any option or a > way to encrypt the plain text password? > > Thanks, > Vinodh > DTCC DISCLAIMER: This email and any files transmitted with it are > confidential and intended solely for the use of the individual or entity to > whom they are addressed. If you have received this email in error, please > notify us immediately and delete the email and any attachments from your > system. The recipient should check this email and any attachments for the > presence of viruses. The company accepts no liability for any damage caused > by any virus transmitted by this email. DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
Re: Anyway to encrypt admin user plain text password in Solr
Hi, To clarify, Solr credentials are stored and shown in a few different places. In some situations the password might live in your "solr.in.sh" file. It also might live in a separate basicAuth.conf file. If you're using SolrCloud, the password might appear in Solr's Admin UI (depending on your version of Solr). The password is also stored in ZooKeeper. Some of these locations already store the credentials in an encrypted form. Other locations are only problematic if attackers have access to the disk that Solr is running on, at which point you have much bigger problems. If you can be more specific about the exposure you're concerned about, we can discuss whether there's an actual security concern there and how to work around it. Best, Jason On Wed, Nov 13, 2019 at 11:22 AM Kommu, Vinodh K. wrote: > > Does anyone have an any idea on this? If so, please help. > > Thanks > From: Kommu, Vinodh K. > Sent: Monday, November 11, 2019 4:11 PM > To: solr-user@lucene.apache.org > Subject: Anyway to encrypt admin user plain text password in Solr > > Hi, > > After creating admin user in Solr when security is enabled, we have to store > the admin user's credentials in plain text format. Is there any option or a > way to encrypt the plain text password? > > Thanks, > Vinodh > DTCC DISCLAIMER: This email and any files transmitted with it are > confidential and intended solely for the use of the individual or entity to > whom they are addressed. If you have received this email in error, please > notify us immediately and delete the email and any attachments from your > system. The recipient should check this email and any attachments for the > presence of viruses. The company accepts no liability for any damage caused > by any virus transmitted by this email.
RE: Anyway to encrypt admin user plain text password in Solr
Does anyone have an any idea on this? If so, please help. Thanks From: Kommu, Vinodh K. Sent: Monday, November 11, 2019 4:11 PM To: solr-user@lucene.apache.org Subject: Anyway to encrypt admin user plain text password in Solr Hi, After creating admin user in Solr when security is enabled, we have to store the admin user's credentials in plain text format. Is there any option or a way to encrypt the plain text password? Thanks, Vinodh DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
Anyway to encrypt admin user plain text password in Solr
Hi, After creating admin user in Solr when security is enabled, we have to store the admin user's credentials in plain text format. Is there any option or a way to encrypt the plain text password? Thanks, Vinodh DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.