Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-10100

Hiding credentials from security.json when retrieving through /admin/zookeeper

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Workaround
    • None
    • None
    • security
    • None

    Description

      /admin/zookeeper API is currently exposing security.json as-is, which can contain security credentials as well.

      Proposing a configurable list for hiding elements of security.json when loaded through /admin/zookeeper.

      Attachments

        Issue Links

          duplicates

          Sub-task - The sub-task of the issue SOLR-7890 By default require admin rights to access /security.json in ZK

          • Major - Major loss of function.
          • Resolved
          is duplicated by

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-11623 Every request handler in Solr should implement PermissionNameProvider interface

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed
          relates to

          New Feature - A new feature of the product, which has yet to be developed. SOLR-13942 /api/cluster/zk/* to fetch raw ZK data

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. SOLR-15768 Tune zookeeper request handler permissions (8x)

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Activity

            People

              janhoy Jan Høydahl
              manokovacs Mano Kovacs
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: