[
https://issues.apache.org/jira/browse/SOLR-8897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15877881#comment-15877881
]
Marcel Berteler commented on SOLR-8897:
---------------------------------------
OK, so I just discovered the hard way that using obfuscated passwords is only
working partially. SOLR 6.4.1 in cloud mode starts, the Admin UI is usable, but
some of the collection API's don't and will report a "Keystore was tampered
with, or password was incorrect" error.
> SSL-related passwords in solr.in.sh are in plain text
> -----------------------------------------------------
>
> Key: SOLR-8897
> URL: https://issues.apache.org/jira/browse/SOLR-8897
> Project: Solr
> Issue Type: Improvement
> Components: scripts and tools, security
> Reporter: Esther Quansah
>
> As per the steps mentioned at following URL, one needs to store the plain
> text password for the keystore to configure SSL for Solr, which is not a good
> idea from security perspective.
> URL:
> https://cwiki.apache.org/confluence/display/solr/Enabling+SSL#EnablingSSL-SetcommonSSLrelatedsystemproperties
>
> (https://cwiki.apache.org/confluence/display/solr/Enabling+SSL#EnablingSSL-SetcommonSSLrelatedsystemproperties)
> Is there any way so that the encrypted password can be stored (instead of
> plain password) in solr.in.cmd/solr.in.sh to configure SSL?
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
