Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-8756

Need 4 config "zkDigestUsername"/"zkDigestPassword"/"zkDigestReadonlyUsername"/"zkDigestReadonlyUsername" in solr.xml

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 5.3.1
    • None
    • security, SolrCloud

    • Linux 64bit

    Description

      Need 4 config in <solrhome>/solr.xml instead of -D parameter in solr.in.sh.

      like below:
      <solr>
      <solrcloud>
      <str name="zkDigestUsername">zkusername</str>
      <str name="zkDigestPassword">zkpassword</str"zkDigestUsername">
      <str name="zkDigestReadonlyUsername">zkreadonlyusername</str>
      <str name="zkDigestReadonlyUsername">readonlypassword</str"zkDigestUsername">
      ...

      Otherwise, any user can use the linux "ps" command showing the full command line including the plain text zookeeper username and password. If we use file store them, we can control the access of the file not to leak the username/password.

      Attachments

        Issue Links

          is related to

          New Feature - A new feature of the product, which has yet to be developed. SOLR-12778 Support encrypted password for ZK cred/ACL providers

          • Major - Major loss of function.
          • Open

          Activity

            People

              Unassigned Unassigned
              forest_soup Forest Soup
              Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: