Jan Høydahl created SOLR-7889:
---------------------------------

Summary: Secure ZooKeeper should be easy and the default
Key: SOLR-7889
URL: https://issues.apache.org/jira/browse/SOLR-7889
Project: Solr
Issue Type: Improvement
Components: security
Reporter: Jan Høydahl
Priority: Critical
Fix For: Trunk, 5.4

ZooKeeper security is documented at https://cwiki.apache.org/confluence/display/solr/ZooKeeper+Access+Control but is not trivial to set up, see http://search-lucene.com/m/eHNlqr6EnMrP6O

As we enable more and more security stuff, securing ZK should be easier to do and ideally the default.

The {{DefaultZkACLProvider}} should by default require admin access for all operations including read of {{/security.json}}, and other sensitive paths. Today this is left to the user to implement.

Move manual env-var instructions from documentation into start scripts, with defaults for read-only and admin user passwords.

Perhaps even Solr should refuse to start if ZK communication is not ACL protected, encrypted and if default admin passwd is not changed. Overridable with a new option {{bin/solr start --insecure}}

Let this JIRA be an umbrella for several child tasks.