janhoy edited a comment on issue #331: URL: https://github.com/apache/solr-operator/issues/331#issuecomment-947622521
Looks like there is some traction on https://github.com/apache/solr/pull/355 which could be a workaround for operator, exporter, bin/solr etc. Only worry I have is for some orgs that deem BasicAuth not secure enough that they don't want to enable it at all. So I wonder if it makes sense to introduce an IP-address allowlist to BasicAuth, so you can explicitly allow those servers on the network that need access. I realize this may be hard in k8s where IPs can change any time. I don't know if it is a valid concern though. But perhaps those few user/pass combinations in basicAuth config could be coupled to a role that has very limited permissions in authz, and that solves the issue? Is it possible to make a permission that only allows CLUSTERSTATUS command to the collections API, i.e. not allow any write operations?