Details
- Bug
- Status: Open
- Minor
- Resolution: Unresolved
- 7.2
- None
- None
Description
Copying my original question and reply from Shawn Heisey.
Seems even when we use Security.json with BasicAuthentication Plugin as documented here – https://lucene.apache.org/solr/guide/7_2/basic-authentication-plugin.html, which nicely encrypts the user password using SHA256 encryption, when it comes to configuring
Please let me know how I can use the same encrypted password as in Security.json when setting up Master/Slave Replication for Solr.
At the moment, the cleartext password is the only way it can be configured.
It is not possible to use the same string that goes in security.json for
a feature like replication. That string is a one-way hash of the
password, so it cannot be decrypted. The replication handler must be
able to obtain the cleartext password.
The DIH feature offers password encryption for database passwords.
Scroll down a little bit on the following page to the description
numbered "2":
https://lucene.apache.org/solr/guide/6_6/uploading-structured-data-store-data-with-the-data-import-handler.html#configuring-the-dih-configuration-file
The replication handler CAN be enhanced to use the same kind of
encryption. Note that this is merely security through obscurity. If
whoever is looking at the configuration also has access to the key file,
then they will be able to decrypt the password.
Can you file an enhancement issue in Jira to add this capability to
other handlers like replication?
Hello,
Seems even when we use Security.json with BasicAuthentication Plugin as documented here – https://lucene.apache.org/solr/guide/7_2/basic-authentication-plugin.html, which nicely encrypts the user password using SHA256 encryption, when it comes to configuring the slave in a Master/Slave Index Replication Strategy, the slave config requires to give the BasicAuthentication password in plain text? Is it something I got wrong? But in my setup of HA with Master/Slave replication it works in this manner.
https://lucene.apache.org/solr/guide/7_2/index-replication.html this also indicates the config is in plain text.
<!-- If HTTP Basic authentication is enabled on the master, then the slave
can be configured with the following -->
<str name="httpBasicAuthUser">username</str>
<str name="httpBasicAuthPassword">password</str>
Please let me know how I can use the same encrypted password as in Security.json when setting up Master/Slave Replication for Solr.
Thx
-Syed Ahmed.
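Why the string stored in security.json cannot stand in for `httpBasicAuthPassword`, as an added example that is not Solr's code and not part of the original thread. It assumes a stored credential of the form `base64(sha256(sha256(salt + password))) base64(salt)`, modelled on the salted SHA-256 scheme the Basic Authentication plugin documentation describes; the user name, password and salt are constructed.

```python
import base64
import hashlib
import hmac


def make_credential(password: str, salt: bytes) -> str:
    """One-way form kept on the server: 'base64(hash) base64(salt)' (assumed layout)."""
    inner = hashlib.sha256(salt + password.encode("utf-8")).digest()
    digest = hashlib.sha256(inner).digest()
    return f"{base64.b64encode(digest).decode()} {base64.b64encode(salt).decode()}"


def basic_auth_header(user: str, password: str) -> str:
    """What the slave must send: reversible base64 of 'user:password', so it needs cleartext."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode()
    return f"Basic {token}"


def server_accepts(header: str, users: dict) -> bool:
    """Master side: decode the header, re-hash the presented password with the stored salt."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        return False
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False
    user, _, presented = decoded.partition(":")
    stored = users.get(user)
    if stored is None:
        return False
    salt = base64.b64decode(stored.split(" ")[1])
    return hmac.compare_digest(make_credential(presented, salt), stored)


# Constructed sample data: user name, password and salt are made up for this example.
SALT = bytes(range(32))
USERS = {"repl": make_credential("s3cret-constructed", SALT)}


def demo() -> dict:
    """Try the cleartext password, then the stored hash, as the replication password."""
    stored = USERS["repl"]
    return {
        "cleartext": server_accepts(basic_auth_header("repl", "s3cret-constructed"), USERS),
        "full_stored_string": server_accepts(basic_auth_header("repl", stored), USERS),
        "hash_part_only": server_accepts(basic_auth_header("repl", stored.split(" ")[0]), USERS),
    }


if __name__ == "__main__":
    print(demo())
```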
Attachments
Issue Links
- is caused by SOLR-9640 Support PKI authentication and SSL in standalone-mode master/slave auth with local security.json (Open)