On 3/25/2018 1:56 AM, Basheeruddin Ahmed (syedbahm) wrote:
Seems even when we use Security.json with BasicAuthentication Plugin as documented here -- https://lucene.apache.org/solr/guide/7_2/basic-authentication-plugin.html , which nicely encrypts the user password using SHA256 encryption, when it comes to configuring
<snip>
Please let me know how I can use the same encrypted password as in 
Security.json when setting up Master/Slave Replication for Solr.

At the moment, the cleartext password is the only way it can be configured.

It is not possible to use the same string that goes in security.json for a feature like replication.  That string is a one-way hash of the password, so it cannot be decrypted.  The replication handler must be able to obtain the cleartext password.

The DIH feature offers password encryption for database passwords.  Scroll down a little bit on the following page to the description numbered "2":

https://lucene.apache.org/solr/guide/6_6/uploading-structured-data-store-data-with-the-data-import-handler.html#configuring-the-dih-configuration-file

The replication handler CAN be enhanced to use the same kind of encryption.  Note that this is merely security through obscurity.  If whoever is looking at the configuration also has access to the key file, then they will be able to decrypt the password.

Can you file an enhancement issue in Jira to add this capability to other handlers like replication?

https://issues.apache.org/jira/browse/SOLR

You'll need an account to create an issue.  Anyone can create an account.

Thanks,
Shawn
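
The point about the one-way hash, as an added example that is not part of the original message or of Solr's code: a replication client has to send the cleartext password in its Basic auth header, and sending the stored security.json string instead fails because the server hashes whatever it receives. The hash construction (SHA-256 applied twice over salt plus password, stored as "hash salt" in base64), the user name and the password are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

def make_credential(password: str, salt: bytes) -> str:
    """Build a security.json-style "hash salt" string.
    Assumed scheme: base64(sha256(sha256(salt + password))) + " " + base64(salt)."""
    inner = hashlib.sha256(salt + password.encode("utf-8")).digest()
    outer = hashlib.sha256(inner).digest()
    return base64.b64encode(outer).decode() + " " + base64.b64encode(salt).decode()

def verify(stored: str, presented_password: str) -> bool:
    """Server side: re-hash the presented password with the stored salt."""
    stored_hash, salt_b64 = stored.split(" ")
    candidate = make_credential(presented_password, base64.b64decode(salt_b64))
    return hmac.compare_digest(candidate.split(" ")[0], stored_hash)

def basic_auth_header(user: str, password: str) -> str:
    """Client side: HTTP Basic carries user:password, only base64-encoded."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def server_accepts(header: str, credentials: dict) -> bool:
    """Decode a Basic header and check it against the stored credentials."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        return False
    user, _, password = base64.b64decode(token).decode().partition(":")
    stored = credentials.get(user)
    return stored is not None and verify(stored, password)

# Constructed sample data (hypothetical user, password and salt).
SALT = bytes(range(32))
CLEARTEXT = "constructed-Passw0rd"
CREDENTIALS = {"repl_user": make_credential(CLEARTEXT, SALT)}

def demo() -> dict:
    stored = CREDENTIALS["repl_user"]
    return {
        # Client configured with the cleartext password: accepted.
        "cleartext": server_accepts(basic_auth_header("repl_user", CLEARTEXT), CREDENTIALS),
        # Client configured with the full security.json string: rejected,
        # because the server hashes it again and the result differs.
        "stored_string": server_accepts(basic_auth_header("repl_user", stored), CREDENTIALS),
        # Same outcome with only the hash half of the stored string.
        "hash_only": server_accepts(basic_auth_header("repl_user", stored.split(" ")[0]), CREDENTIALS),
    }

if __name__ == "__main__":
    print(demo())
```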
