Which Solr releases contain SOLR-4470 (Security for inter-solr-node requests)
I am currently working on SolrCloud and its related security configurations for securing Solr web applications using HTTP Basic Authentication mechanism. Among the Solr nodes inside the SolrCloud clustered env, there seem to be existing some inter-solr-node communication issues due to the security configurations, which are the HTTP Authentication errors. Based on my research, the patch SOLR-4470 (Security for inter-solr-node requests) would be ideal for resolving these issues (please refer to the address: https://wiki.apache.org/solr/SolrSecurity#Security_for_inter-solr-node_requests). However, it seems to me that these security patches are out-of-box additions to the current Solr source codebase, which don't seem to be available in the recent Solr releases. If someone could point out which Solr releases or the jars from some online repositories that contain this patch, it would be appreciated very much. Jerry This e-mail is confidential. If you are not the intended recipient, you must not disclose or use the information contained in it. If you have received this e-mail in error, please tell us immediately by return e-mail and delete the document. No recipient may use the information in this e-mail in violation of any civil or criminal statute. Sentry disclaims all liability for any unauthorized uses of this e-mail or its contents. Sentry accepts no liability or responsibility for any damage caused by any virus transmitted with this e-mail.
Re: Which Solr releases contain SOLR-4470 (Security for inter-solr-node requests)
You find the answer to such questions by looking at the state of the JIRA issue https://issues.apache.org/jira/browse/SOLR-4470 Staus: Open Fix version: Trunk Which means that this feature is not included in any released Solr version (yet). -- Jan Høydahl, search solution architect Cominvent AS - www.cominvent.com 3. nov. 2014 kl. 22.39 skrev Yuan Jerry jerry.y...@sentry.com: I am currently working on SolrCloud and its related security configurations for securing Solr web applications using HTTP Basic Authentication mechanism. Among the Solr nodes inside the SolrCloud clustered env, there seem to be existing some inter-solr-node communication issues due to the security configurations, which are the HTTP Authentication errors. Based on my research, the patch SOLR-4470 (Security for inter-solr-node requests) would be ideal for resolving these issues (please refer to the address: https://wiki.apache.org/solr/SolrSecurity#Security_for_inter-solr-node_requests). However, it seems to me that these security patches are out-of-box additions to the current Solr source codebase, which don't seem to be available in the recent Solr releases. If someone could point out which Solr releases or the jars from some online repositories that contain this patch, it would be appreciated very much. Jerry This e-mail is confidential. If you are not the intended recipient, you must not disclose or use the information contained in it. If you have received this e-mail in error, please tell us immediately by return e-mail and delete the document. No recipient may use the information in this e-mail in violation of any civil or criminal statute. Sentry disclaims all liability for any unauthorized uses of this e-mail or its contents. Sentry accepts no liability or responsibility for any damage caused by any virus transmitted with this e-mail.
Re: Which Solr releases contain SOLR-4470 (Security for inter-solr-node requests)
: I am currently working on SolrCloud and its related security : configurations for securing Solr web applications using HTTP Basic : Authentication mechanism. Among the Solr nodes inside the SolrCloud : clustered env, there seem to be existing some inter-solr-node : communication issues due to the security configurations, which are the : HTTP Authentication errors. Based on my research, the patch SOLR-4470 In my opinion, your best bet to secure Solr is to avoid any and all involvement of Basic Auth and instead use SSL with Client certificates... https://cwiki.apache.org/confluence/display/solr/Enabling+SSL 1) Already supported in Solr today - no patches needed 2) eliminates the complexity of needing a proxy in front of solr to handle the client auth, so that the solr nodes can talk to eachother w/o auth -- and/or: having solr nodes forward the client auth arround. Instead each solr node authenticates the client using the client's cert, and each node authenticates itself for the inter-node requests using it's own cert. 3) much more secure then Basic-Auth headers which could be sniffed by a man-in-the-middle (you could use SSL + Basic Auth - but if you are going to enable SSL anyway, why bother with Basic Auth? just configure the client certs) -Hoss http://www.lucidworks.com/
Security for inter-solr-node requests
Here is a part from wiki: 1) Just forward credentials from the super-request which caused the inter-solr-node sub-requests 2) Use internal credentials provided to the solr-node by the administrator at startup what do you use and is there any code example for it?
Re: Security for inter-solr-node requests
This feature is not yet part of Solr, but a feature under development in SOLR-4470. We encourage you to try it out and report back what worked best for you. -- Jan Høydahl, search solution architect Cominvent AS - www.cominvent.com Solr Training - www.solrtraining.com 2. mai 2013 kl. 13:58 skrev Furkan KAMACI furkankam...@gmail.com: Here is a part from wiki: 1) Just forward credentials from the super-request which caused the inter-solr-node sub-requests 2) Use internal credentials provided to the solr-node by the administrator at startup what do you use and is there any code example for it?