[ https://issues.apache.org/jira/browse/SOLR-7207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14354462#comment-14354462 ]

Jan Høydahl commented on SOLR-7207:
-----------------------------------

Yes, you'd probably want to combine with HTTPS, which is not a bad idea anyway
when allowing traffic from outside your DC. Typically ApiKeys are also combined
with IP checking to further reduce attack surface. Keys need to be kept secret,
but probably not more than a file with proper permissions.

How would you make sure that an unencrypted, PKI-signed payload with e.g.
{{<delete><query>*:*</query></delete>}} cannot be sniffed and replayed by an
attacker? The payload signature hash will be the same every time for the same
payload, will it not?

Also, Solr already supports PKI through SSL certificate based auth. What we
lack is a way to authorize operations. After discussions in SOLR-4470 it was
quite clear that we should strive to push all *enforcing* of security outside
of Solr, e.g. to the container. That is why that patch adds URL pattern
authorization as test-code which manually must be deployed to container by the
user. Or perhaps we should consider a "Solr Shield" approach :)

> Securing operations in Solr
> ---------------------------
>
> Key: SOLR-7207
> URL: https://issues.apache.org/jira/browse/SOLR-7207
> Project: Solr
> Issue Type: New Feature
> Reporter: Noble Paul
>
> Historically, Solr has always stayed away from securing any operations and we
> even allow GET operation on an HTTP end point to manipulate almost anything
> inside a Solr cluster.
> We can categorize the operations such as
> * Loading executable (runtime jars) SOLR-7126
> * conf files SOLR-6736
> * schema API
> * config API
> * collections API
> * /update/* operation to any collection
> SOLR-7126 has solved this problem using PKI where the public keys can be
> uploaded to {{/keys/exe}} and all jars loaded are verified using one of the
> public keys.
> A similar scheme can be used for other operations as well. We can add keys to
> other directories and use them to verify other operations. The only catch is
> that we will need to send all the payload via POST.
> The advantage of this scheme is that Solr does not need to manage any
> credentials or take care of storing anything secretly. It just needs a few
> public keys to be stored in ZK and security will kick in automatically.
> External solutions can build on top of these and provide authentication etc.
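
Added example (not part of the original message and not Solr code): the replay concern raised in the comment above, next to one common mitigation, which is to sign a timestamp and a nonce together with the payload and have the verifier reject stale or already-seen requests. The class, method names, envelope layout and the 60-second window are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
// Added illustration; all names here are hypothetical, none are Solr APIs.
public class ReplayGuardDemo {
    static final long MAX_SKEW_MS = 60_000;                // assumed freshness window
    static final Set<String> seenNonces = new HashSet<>(); // a real verifier would expire old entries

    static byte[] sign(PrivateKey key, String msg) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(msg.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }

    static boolean verify(PublicKey key, String msg, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(msg.getBytes(StandardCharsets.UTF_8));
        return s.verify(sig);
    }

    // The signed message covers the timestamp and nonce as well as the payload.
    static String envelope(long ts, String nonce, String payload) {
        return ts + "\n" + nonce + "\n" + payload;
    }

    static boolean accept(PublicKey key, long ts, String nonce, String payload, byte[] sig, long now)
            throws GeneralSecurityException {
        if (!verify(key, envelope(ts, nonce, payload), sig)) return false; // forged or altered
        if (Math.abs(now - ts) > MAX_SKEW_MS) return false;                // captured long ago
        return seenNonces.add(nonce);                                      // false if nonce was already used
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        String payload = "<delete><query>*:*</query></delete>"; // payload quoted in the comment
        // Payload-only signing: RSA PKCS#1 v1.5 is deterministic, so a captured pair stays valid.
        byte[] s1 = sign(kp.getPrivate(), payload);
        System.out.println("same signature each time: " + Arrays.equals(s1, sign(kp.getPrivate(), payload)));
        System.out.println("captured pair verifies again: " + verify(kp.getPublic(), payload, s1));
        // Signing timestamp + nonce + payload lets the verifier tell a replay from a fresh request.
        long now = System.currentTimeMillis();
        String nonce = UUID.randomUUID().toString();
        byte[] s2 = sign(kp.getPrivate(), envelope(now, nonce, payload));
        System.out.println("first delivery: " + accept(kp.getPublic(), now, nonce, payload, s2, now));
        System.out.println("replay, same nonce: " + accept(kp.getPublic(), now, nonce, payload, s2, now));
        System.out.println("replay after window: " + accept(kp.getPublic(), now, nonce, payload, s2, now + 120_000));
    }
}
```

The nonce set only has to remember values for the length of the freshness window, since anything older is already rejected by the timestamp check.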