[jira] [Commented] (SOLR-7896) Solr Administrative Interface Lacks Password Protection

2015-08-24 Thread Konstantin Gribov (JIRA)

[ 
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14709254#comment-14709254
 ] 

Konstantin Gribov commented on SOLR-7896:
-

My point on enabling/disabling SSL by default is that Solr is often behind a 
firewall and _near_ the back-end which uses it; they are both in some kind of 
private network, so TLS will be CPU, network and management overhead in such 
cases. I believe that is the primary use case and exposed Solr installations are 
rare.

Also, requiring admin UI auth seems to be a good idea only at first glance. 

Under the cover it will require a non-trivial role model to separate user actions 
and admin actions on all available handlers (as discussed in SOLR-7838), which 
depends heavily on the configured handlers and use case: sometimes {{update}} is 
a normal action for a user and {{delete by id}} is not; sometimes {{delete by id}} 
should be allowed, but {{delete by query}} shouldn't, etc.

Another potential issue with a self-made security framework is creating 
high-quality security modules. While some of them may be created and distributed 
with Solr, and so pass some QA by Solr committers, third-party modules can be of 
lesser quality and affect the overall Solr experience. A buggy or just slow 
third-party security filter will lead to a bad user experience. Credentials and 
authN/authZ rule caching and synchronization are another hard-to-implement-correctly 
part, especially in a distributed environment.

Since role-to-user mapping is non-trivial and authN/authZ is hard to configure, 
security setup as a standard Solr installation step would be frightening for many 
users. I think it should be optional, for users who want or have to use such a 
security model.

 Solr Administrative Interface Lacks Password Protection
 ---

 Key: SOLR-7896
 URL: https://issues.apache.org/jira/browse/SOLR-7896
 Project: Solr
  Issue Type: Bug
  Components: security, web gui
Affects Versions: 5.2.1
Reporter: Aaron Greenspan
Priority: Critical

 Out of the box, the Solr interface should require an administrative password 
 that the user is required to set. Apparently there are ways of configuring 
 Jetty to do this with HTTP AUTH or whatever. I'm a moderately experienced 
 Linux admin and a programmer; I've tried, numerous times, and I've not once 
 been able to get it to work. The point is this, though:
 *No one should have to try to get their Solr instance to support password 
 authentication and preferably SSL (even if it's just with a self-signed 
 certificate). Solr is designed to store huge amounts of data and is therefore 
 a likely target for malicious users.*
 This needs to be addressed! It's 2015 and Solr is on version 5!



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

-
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org



[jira] [Commented] (SOLR-7896) Solr Administrative Interface Lacks Password Protection

2015-08-24 Thread JIRA

[ 
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14708990#comment-14708990
 ] 

Jan Høydahl commented on SOLR-7896:
---

bq. I would rather present an insecure interface out of the box so that a new 
user can immediately see that their install is operational. I'd be OK with a 
warning box on every page telling the user that they should enable SSL, as long 
as it could be removed with a config change. Turning on SSL should be very easy 
for a novice to do.
+1

bq. turning on authentication for the admin UI by default would be a good idea. 
The out-of-the-box credentials should be easy to locate on our website, in the 
first few pages of the documentation, and one or more of the .txt files 
included in the download.
-0

Perhaps not by default; it would make the simplest tutorial unnecessarily 
complicated. And it would only work for cloud anyway. How about adding some 
warnings to the Admin UI in cloud mode if authentication is not enabled, and 
another warning if it is enabled with OOTB passwords? And we could add an 
{{-auth}} flag to {{/bin/solr -e cloud}} to optionally start the cloud example 
with basic auth enabled...




[jira] [Commented] (SOLR-7896) Solr Administrative Interface Lacks Password Protection

2015-08-07 Thread Shawn Heisey (JIRA)

[ 
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14661410#comment-14661410
 ] 

Shawn Heisey commented on SOLR-7896:


Regarding SSL on by default ... while this would provide some security out of 
the box, it annoys me when I try to connect to a web interface and I am 
immediately greeted by a security warning regarding a certificate that doesn't 
validate.  An experienced user knows that it is safe to ignore that warning and 
proceed anyway, but a beginner may misinterpret what their browser is telling 
them, decide that Solr has security problems, and go looking for a different 
solution.

I would rather present an insecure interface out of the box so that a new user 
can *immediately* see that their install is operational.  I'd be OK with a 
warning box on every page telling the user that they should enable SSL, as long 
as it could be removed with a config change.  Turning on SSL should be very 
easy for a novice to do.  Another piece that must be straightforward is the 
installation of a custom certificate that the user might get from a public CA, 
and any required intermediate certificates.

As already mentioned, we have a framework for authentication coming in 5.3.  
Once we are sure it's stable and effective, turning on authentication for the 
admin UI by default would be a good idea.  The out-of-the-box credentials 
should be easy to locate on our website, in the first few pages of the 
documentation, and one or more of the .txt files included in the download.




[jira] [Commented] (SOLR-7896) Solr Administrative Interface Lacks Password Protection

2015-08-06 Thread Shalin Shekhar Mangar (JIRA)

[ 
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14661334#comment-14661334
 ] 

Shalin Shekhar Mangar commented on SOLR-7896:
-

You are in luck. Basic authentication has been added for the next release 
(5.3). See SOLR-7837.

Also, Solr has supported SSL for a while now, see 
https://cwiki.apache.org/confluence/display/solr/Enabling+SSL




[jira] [Commented] (SOLR-7896) Solr Administrative Interface Lacks Password Protection

2015-08-06 Thread Upayavira (JIRA)

[ 
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14661360#comment-14661360
 ] 

Upayavira commented on SOLR-7896:
-

Given we have a new auth framework, and SSL support, this is do-able. I've not 
yet played with, nor needed to play with, either.

The benefit of discussing on the User list first, as Erick suggests, is to get 
more of an understanding of the use-cases you are looking at before we decide 
on an approach to solving them.

Erick is right - Solr is not something that has traditionally been placed 
outside a firewall, because, well, it hasn't offered features that would allow 
that. This is starting to change, and I think auth on the admin UI would be a 
good thing, although I'm not yet in a position to work on it.

Therefore, I'm inclined to re-open, even if I'm aware it'd take me some time to 
get around to it.




[jira] [Commented] (SOLR-7896) Solr Administrative Interface Lacks Password Protection

2015-08-06 Thread Aaron Greenspan (JIRA)

[ 
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14661339#comment-14661339
 ] 

Aaron Greenspan commented on SOLR-7896:
---

SSL should be enabled by default.




[jira] [Commented] (SOLR-7896) Solr Administrative Interface Lacks Password Protection

2015-08-06 Thread Aaron Greenspan (JIRA)

[ 
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14661341#comment-14661341
 ] 

Aaron Greenspan commented on SOLR-7896:
---

It's all well and good to say that users shouldn't do things, but they're being 
done, and the code needs to be written to account for real-world use, not some 
hypothetical ideal that doesn't exist.

Also, I would love for Solr to just be exposed on my server's internal IP 
addresses--but I have no idea how to do that. The administrative web interface 
certainly doesn't let me select which IPs to bind to, which would be the easy 
way to implement that ideal. But regardless, it should never be assumed that 
every user will want to or know to operate Solr the same way (e.g. exclusively 
on a LAN behind a firewall).




[jira] [Commented] (SOLR-7896) Solr Administrative Interface Lacks Password Protection

2015-08-06 Thread Aaron Greenspan (JIRA)

[ 
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14661342#comment-14661342
 ] 

Aaron Greenspan commented on SOLR-7896:
---

I find it incredibly surprising that you could write the above and then change 
the issue status to Not a Problem.




[jira] [Commented] (SOLR-7896) Solr Administrative Interface Lacks Password Protection

2015-08-06 Thread Shalin Shekhar Mangar (JIRA)

[ 
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14661364#comment-14661364
 ] 

Shalin Shekhar Mangar commented on SOLR-7896:
-

bq. SSL should be enabled by default.

I disagree. We have the option. People who need it can use it. We also have 
Kerberos support, so you can use that too along with SSL if you're really 
paranoid about security.

bq. It's all well and good to say that users shouldn't do things, but they're 
being done, and the code needs to be written to account for real-world use, not 
some hypothetical ideal that doesn't exist.

Yeah, which is why we are building some support for security. But enabling it 
by default requires a lot of education for new users. We need to balance 
between the two. Perhaps some of this can be done via documentation? For 
example, we can link to the guides on SSL/Kerberos/BasicAuth on the Taking 
Solr to Production page?

https://cwiki.apache.org/confluence/display/solr/Taking+Solr+to+Production

bq. Also, I would love for Solr to just be exposed exclusively on my server's 
internal IP address(es)--but I have no idea how to do that. 

You can do that by setting the SOLR_HOST property to the internal hostname or 
IP address in solr.in.{sh,cmd}. The problem with doing that from the admin web 
interface is:
# Solr has already started and bound to a port by then so reconfiguring from 
the UI is a bit difficult
# We don't have enough people contributing to the admin UI sadly so 
contributions are hard to come by. That being said, we have a new committer 
(Upayavira) who is working on improving the UI these days, so there's still 
hope :)




[jira] [Commented] (SOLR-7896) Solr Administrative Interface Lacks Password Protection

2015-08-06 Thread Shalin Shekhar Mangar (JIRA)

[ 
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14661366#comment-14661366
 ] 

Shalin Shekhar Mangar commented on SOLR-7896:
-

bq. As a slightly longer term goal, I believe this ticket does have merit, and 
given we have auth capabilities in Solr now, it makes sense to place the admin 
UI behind that.

Upayavira, this already works if you enable Basic Auth via the new capabilities 
added by SOLR-7837.

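The thread's question, whether a given Solr node's admin endpoint answers anonymous callers, is something an operator can verify rather than assume. The script below is an added example, not code from the JIRA thread or the Solr project: `check_admin_auth` sends an unauthenticated GET to the standard admin handler path `/solr/admin/info/system` (an assumed path) and reports whether it got a 200 or an auth challenge, and `make_server` starts two constructed local stand-ins (one open, one demanding HTTP Basic Auth) so the check can be exercised offline; the stand-ins are not Solr and the names `check_admin_auth`, `make_server` and `ADMIN_PATH` are this example's own.

```python
import base64
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse

# Standard Solr admin handler path; assumed here, not taken from the thread.
ADMIN_PATH = "/solr/admin/info/system"


def check_admin_auth(base_url, timeout=5):
    """GET base_url + ADMIN_PATH with no credentials and report what happened.

    'exposed' means the admin handler served a 200 to an anonymous client;
    'requires_auth' means it answered with 401 or 403 instead."""
    scheme = urlparse(base_url).scheme
    req = urllib.request.Request(base_url.rstrip("/") + ADMIN_PATH,
                                 headers={"User-Agent": "solr-admin-auth-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status = resp.status
    except urllib.error.HTTPError as err:
        status = err.code
    return {"tls": scheme == "https",
            "status": status,
            "requires_auth": status in (401, 403),
            "exposed": status == 200}


class _FakeSolr(BaseHTTPRequestHandler):
    """Constructed stand-in for a Solr node: serves ADMIN_PATH, optionally
    behind HTTP Basic Auth. It is not Solr and does not imitate its output."""
    expected_auth = None  # None = open node; else the exact Authorization value

    def do_GET(self):
        if self.path != ADMIN_PATH:
            self.send_error(404)
            return
        if (self.expected_auth
                and self.headers.get("Authorization") != self.expected_auth):
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="solr"')
            self.end_headers()
            return
        body = b'{"responseHeader":{"status":0}}'
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the probe output quiet
        pass


def make_server(user=None, password=None):
    """Start a local stand-in on an ephemeral port and return its base URL.
    With user/password it demands Basic Auth; without them it answers anyone."""
    expected = None
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        expected = "Basic " + token
    handler = type("Handler", (_FakeSolr,), {"expected_auth": expected})
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"


if __name__ == "__main__":
    for label, url in (("open", make_server()),
                       ("basic-auth", make_server("solr", "example-only"))):
        print(f"{label:10s} {check_admin_auth(url)}")
```

Against a real node, pass its base URL (for example the one printed by `bin/solr start`) to `check_admin_auth`; a `tls: False, exposed: True` result is exactly the out-of-the-box state the reporter complains about.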



[jira] [Commented] (SOLR-7896) Solr Administrative Interface Lacks Password Protection

2015-08-06 Thread Shalin Shekhar Mangar (JIRA)

[ 
https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14661338#comment-14661338
 ] 

Shalin Shekhar Mangar commented on SOLR-7896:
-

Of course, this doesn't mean that you should expose Solr to the world-wide-web. 
It is still not secure against all kinds of attacks.
