[SOLR-7207] PKI based security implementation for security in Solr - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

Historically, Solr has always stayed away from securing any operations and we even allow GET operation on an HTTP end point to manipulate almost anything inside a Solr cluster

We can categorize the operations such as

Loading executable (runtime jars) ~~SOLR-7126~~
conf files ~~SOLR-6736~~
schema API
config API
collections API
/update/* operation to any collection

~~SOLR-7126~~ has solved this problem using PKI where the public keys can be uploaded to /keys/exe and all jars loaded are verified using one of the public keys.

A similar scheme can be used for other operations as well. We can add keys to other directories and use them to verify other operations. The only catch is , that we will need to send all the payload via POST

The advantage of this scheme is that Solr does not need to manage any credentials or take care of storing anything secretly. It just needs a few public keys to be stored in ZK and security will kick in automatically. External solutions can build on top of these and provide authentication etc

Attachments

Issue Links

depends upon

SOLR-7230 An API to plugin security into Solr

Resolved

Is contained by

SOLR-7236 Securing Solr (umbrella issue)

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Noble Paul

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 09/Mar/15 12:42

Updated:: 14/Dec/15 10:36

Resolved:: 14/Dec/15 10:36