[
https://issues.apache.org/jira/browse/SOLR-13345?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16816933#comment-16816933
]
Märt commented on SOLR-13345:
-----------------------------
I have the following use case:
# version control contains solr config with preconfigured schema and
security.json (BasicAuthPlugin+RuleBasedAuthorizationPlugin preconfigured with
an empty password).
# CI deploys the product to the customer
# as one time initialization, the customer sends a single request to solr to
change the password. everything else is already preconfigured.
In the development environments, changing the password is not necessary as
nothing sensitive is indexed. So we just skip changing the password and use the
empty password. This way the dev environment is identical to the customer's
with no manual steps required.
One could argue that we could set the initial password to "password" or
"12345", but this wouldn't make anything more secure and simply make the
developer login more inconvenient.
Thank you for considering the issue
> Admin UI login page doesn't accept empty passwords
> --------------------------------------------------
>
> Key: SOLR-13345
> URL: https://issues.apache.org/jira/browse/SOLR-13345
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Admin UI
> Affects Versions: 7.7, 8.0
> Reporter: Märt
> Priority: Minor
>
> In solr 7.6 and older, it was possible to log in with an empty password using
> basic auth. The new Admin UI login page implemented in SOLR-7896 no longer
> accepts empty passwords.
> This issue was discussed in the solr-user mailing list
> http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201903.mbox/%3C7629BDDD-3D22-4203-9188-0E0A8DCF2FEE%40cominvent.com%3E
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
