Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: 4.0-ALPHA
    • Fix Version/s: 4.3
    • Labels:
      None
    • Environment:

      All

      Description

      The HTTP response from dataimporthandler, as well as the logging output, exposes the JDBC password in plain text.

        Activity

        Des Lownds created issue -
        Shalin Shekhar Mangar made changes -
        Field Original Value New Value
        Assignee Shalin Shekhar Mangar [ shalinmangar ]
        Shalin Shekhar Mangar added a comment -

        Can you please give me a log fragment showing this? The log files do have the jdbc url so it is advisable to use the user and password attributes on JdbcDataSource rather than putting them in the jdbc url itself.

        Des Lownds added a comment - - edited

        dataimporthandler config:

          <!-- data import handler -->
          <requestHandler name="/dataimport" class="org.apache.solr.handler.dataimport.DataImportHandler">
            <lst name="defaults">
              <str name="config">data-config.xml</str>
              <lst name="datasource">
                 <str name="driver">${jdbc.readonly.driver}</str>
                 <str name="url">jdbc:mysql://${jdbc.readonly.host}:${jdbc.readonly.port}/${jdbc.readonly.database}</str>
                 <str name="user">${jdbc.readonly.user}</str>
                 <str name="password">${jdbc.readonly.password}</str>
              </lst>
            </lst>
          </requestHandler>

        curl http://localhost:8066/solr/catalog/dataimport

        <response><lst name="responseHeader"><int name="status">0</int><int name="QTime">0</int></lst><lst name="initArgs"><lst name="defaults"><str name="config">data-config.xml</str><lst name="datasource"><str name="driver">com.mysql.jdbc.Driver</str><str name="url">jdbc:mysql://localhost:3306/#REDACT#</str><str name="user">#REDACT#</str><str name="password">#REDACT#</str></lst></lst></lst><str name="status">idle</str><str name="importResponse"/><lst name="statusMessages"><str name="Total Requests made to DataSource">2125</str><str name="Total Rows Fetched">1965</str><str name="Total Documents Skipped">0</str><str name="Full Dump Started">2011-10-03 11:31:02</str><str name="">Indexing completed. Added/Updated: 236 documents. Deleted 0 documents.</str><str name="Committed">2011-10-03 11:31:35</str><str name="Optimized">2011-10-03 11:31:35</str><str name="Total Documents Processed">236</str><str name="Time taken ">0:0:32.932</str></lst><str name="WARNING">This response format is experimental.  It is likely to change in the future.</str></response>
        

        log:

             [java] INFO  SearchHandler - Adding  component:org.apache.solr.handler.component.StatsComponent@f786a3c
             [java] INFO  SearchHandler - Adding  debug component:org.apache.solr.handler.component.DebugComponent@2a869113
             [java] INFO  DataImportHandler - Processing configuration from solrconfig.xml: {config=data-config.xml,datasource={driver=com.mysql.jdbc.Driver,url=jdbc:mysql://localhost:3306/#REDACT#,user=#REDACT#,password=#REDACT#}}
             [java] INFO  DataImportHandler - Adding properties to datasource: {user=#REDACT#, password=#REDACT#, url=jdbc:mysql://localhost:3306/#REDACT#, driver=com.mysql.jdbc.Driver}
             [java] INFO  DataImporter - Data Configuration loaded successfully
        
        Des Lownds added a comment -

        After looking closer I see this is only happening because I am specifying the dataimport config in the dataimporthandler config in solrcore.xml. Moving that to a datasource element in data-config.xml prevents this, but makes it hard to specify the connection properties in a way that is easily set in deployment.

        Hoss Man added a comment -

        bulk fixing the version info for 4.0-ALPHA and 4.0 all affected issues have "hoss20120711-bulk-40-change" in comment

        Hoss Man made changes -
        Fix Version/s 4.0 [ 12322455 ]
        Fix Version/s 4.0-ALPHA [ 12314992 ]
        Robert Muir added a comment -

        rmuir20120906-bulk-40-change

        Robert Muir made changes -
        Fix Version/s 4.0 [ 12322551 ]
        Fix Version/s 4.0-BETA [ 12322455 ]
        Robert Muir added a comment -

        moving all 4.0 issues not touched in a month to 4.1

        Robert Muir made changes -
        Fix Version/s 4.1 [ 12321141 ]
        Fix Version/s 4.0 [ 12322551 ]
        Steve Rowe made changes -
        Fix Version/s 4.2 [ 12323893 ]
        Fix Version/s 4.1 [ 12321141 ]
        Robert Muir made changes -
        Fix Version/s 4.3 [ 12324128 ]
        Fix Version/s 4.2 [ 12323893 ]
        Shalin Shekhar Mangar added a comment -

        Variables specified in data config are also resolved with system properties so there is no reason anymore to configure DIH via solrconfig. Hence, the bug can be worked around by using dataconfig instead of configuring via solrconfig.

        Shalin Shekhar Mangar made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Won't Fix [ 2 ]
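
A check for the exposure reported in this issue, added here as an example (not code from Solr or from the commenters): it parses a `/dataimport` status response and DataImportHandler log lines and reports where a password is echoed, which is one way to confirm that moving the datasource into data-config.xml removed it. The sample response, log lines, credential values and all function names are constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample shaped like the /dataimport response quoted in this issue;
# database, user and password values are made up.
SAMPLE_RESPONSE = """<response>
<lst name="initArgs"><lst name="defaults"><str name="config">data-config.xml</str>
<lst name="datasource"><str name="driver">com.mysql.jdbc.Driver</str>
<str name="url">jdbc:mysql://localhost:3306/exampledb</str>
<str name="user">exampleuser</str><str name="password">s3cr3t</str></lst></lst></lst>
<str name="status">idle</str></response>"""

# Constructed log lines in the format shown in this issue.
SAMPLE_LOG = [
    "[java] INFO  SearchHandler - Adding  component:org.apache.solr.handler.component.StatsComponent",
    "[java] INFO  DataImportHandler - Adding properties to datasource: "
    "{user=exampleuser, password=s3cr3t, url=jdbc:mysql://localhost:3306/exampledb, driver=com.mysql.jdbc.Driver}",
    "[java] INFO  DataImporter - Data Configuration loaded successfully",
]

PASSWORD_KV = re.compile(r"(\bpassword=)[^,}\s&;]+", re.IGNORECASE)

def _is_secret(name, value):
    # A non-empty password entry, or a JDBC URL carrying a password parameter.
    if name.lower() == "password":
        return bool(value.strip())
    return name.lower() == "url" and PASSWORD_KV.search(value) is not None

def leaked_init_args(response_xml):
    """Return name paths (never values) of credentials echoed under initArgs."""
    hits = []
    def walk(node, path):
        for child in node:
            here = path + [child.get("name", "")]
            if child.tag == "str" and _is_secret(here[-1], child.text or ""):
                hits.append("/".join(here))
            walk(child, here)
    for init_args in ET.fromstring(response_xml).findall("lst[@name='initArgs']"):
        walk(init_args, ["initArgs"])
    return hits

def leaked_log_lines(lines):
    """Return 1-based numbers of log lines that contain password=<value>."""
    return [n for n, line in enumerate(lines, 1) if PASSWORD_KV.search(line)]

def redact(line):
    """Mask the password value before the line is stored or shared."""
    return PASSWORD_KV.sub(r"\1***", line)
```

The functions return only locations (name paths and line numbers), so the audit output itself does not repeat the secret.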
        Uwe Schindler added a comment -

        Closed after release.

        Uwe Schindler made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Shalin Shekhar Mangar
            Reporter:
            Des Lownds
          • Votes:
            0
            Watchers:
            1
