Sunday, April 1, 2018

FW: Master Slave Replication of Solr with Basic Authentication

-----Original Message-----
From: Shawn Heisey [mailto:apache@elyograg.org]
Sent: 25 March 2018 14:18
To: solr-user@lucene.apache.org
Subject: Re: Master Slave Replication of Solr with Basic Authentication

On 3/25/2018 1:56 AM, Basheeruddin Ahmed (syedbahm) wrote:
> Seems even when we use Security.json with BasicAuthentication Plugin
> as documented here --
> https://lucene.apache.org/solr/guide/7_2/basic-authentication-plugin.html ,
> which nicely encrypts the user password using SHA256 encryption,
> when it comes to configuring
<snip>
> Please let me know how I can use the same encrypted password as in
> Security.json when setting up Master/Slave Replication for Solr.

At the moment, the cleartext password is the only way it can be configured.

It is not possible to use the same string that goes in security.json for a
feature like replication.  That string is a one-way hash of the password, so
it cannot be decrypted.  The replication handler must be able to obtain the
cleartext password.

The DIH feature offers password encryption for database passwords. Scroll
down a little bit on the following page to the description numbered "2":

https://lucene.apache.org/solr/guide/6_6/uploading-structured-data-store-data-with-the-data-import-handler.html#configuring-the-dih-configuration-file


The replication handler CAN be enhanced to use the same kind of
encryption.  Note that this is merely security through obscurity.  If
whoever is looking at the configuration also has access to the key file,
then they will be able to decrypt the password.

Can you file an enhancement issue in Jira to add this capability to other
handlers like replication?

https://issues.apache.org/jira/browse/SOLR

You'll need an account to create an issue.  Anyone can create an account.

Thanks,
Shawn
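
Added example (not part of the original thread and not Solr's own code): a small Python model of the point made in the reply, that a salted one-way hash lets a server verify a presented password but cannot be sent by a client in place of that password. The double SHA-256 record layout, the user name `solr` and the password are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac

def make_stored_credential(password: str, salt: bytes) -> str:
    """Server-side record (assumed layout): base64(hash) + ' ' + base64(salt)."""
    inner = hashlib.sha256(salt + password.encode()).digest()
    digest = hashlib.sha256(inner).digest()
    return base64.b64encode(digest).decode() + " " + base64.b64encode(salt).decode()

def basic_header(user: str, secret: str) -> str:
    """What a replication client must send: the secret itself, only base64-encoded."""
    return "Basic " + base64.b64encode(f"{user}:{secret}".encode()).decode()

def server_accepts(authorization_header: str, stored: str) -> bool:
    """Verify a Basic header by re-hashing the presented secret with the stored salt.

    Single-user model: the user name is parsed but not checked.
    """
    scheme, _, token = authorization_header.partition(" ")
    if scheme != "Basic":
        return False
    try:
        _user, _, presented = base64.b64decode(token).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return False
    salt = base64.b64decode(stored.split(" ")[1])
    # The server can only go forward: hash(salt + presented) and compare.
    return hmac.compare_digest(make_stored_credential(presented, salt), stored)

# Constructed sample values; a real salt is random and a real password is not in code.
SALT = bytes(range(32))
PASSWORD = "constructed-example-pw"
STORED = make_stored_credential(PASSWORD, SALT)

if __name__ == "__main__":
    # Cleartext password: accepted.
    print(server_accepts(basic_header("solr", PASSWORD), STORED))
    # The stored string copied into the client config: rejected, because the
    # server hashes whatever it receives and hash(hash) != hash.
    print(server_accepts(basic_header("solr", STORED), STORED))
    print(server_accepts(basic_header("solr", STORED.split(" ")[0]), STORED))
```
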
