Details
-
Sub-task
-
Status: Resolved
-
Major
-
Resolution: Won't Fix
-
None
-
None
-
None
Description
Perhaps VMParamsAllAndReadonlyDigestZkACLProvider should by default require admin access for read/write of /security.json, and other sensitive paths. Today this is left to the user to implement.
Also, perhaps factor out the already-known sensitive paths into a separate class, so that various ACLProvider implementations can get a list of paths that should be admin-only, read-only etc from one central place. Then 3rd party impls pulling ZK creds from elsewhere will still do the right thing in the future if we introduce other sensitive Znodes...
Attachments
Attachments
Issue Links
- is duplicated by
-
SOLR-10100 Hiding credentials from security.json when retrieving through /admin/zookeeper
- Resolved
- relates to
-
SOLR-11623 Every request handler in Solr should implement PermissionNameProvider interface
- Closed
- requires
-
SOLR-4580 Support for protecting content in ZK
- Closed