janhoy commented on code in PR #3301: URL: https://github.com/apache/solr/pull/3301#discussion_r2032800549
########## solr/solr-ref-guide/modules/deployment-guide/pages/basic-authentication-plugin.adoc: ########## @@ -81,6 +81,14 @@ If `realm` is not defined, it will default to `solr`. If you are using SolrCloud, you must upload `security.json` to ZooKeeper. An example command and more information about securing your setup can be found at xref:authentication-and-authorization-plugins#in-a-solrcloud-cluster[Authentication and Authorization Plugins In a SolrCloud Cluster]. +=== Password Encoding + +Solr stores the passwords in the format: `base64(sha256(sha256(salt+password))) base64(salt)`. + +If you edit `security.json` directly then you need to encode the password yourself. +You can visit https://clemente-biondo.github.io/ to use a simple web utility that does the encoding for you. Review Comment: Dangerous to link to 3rd party tool, we cannot know if his account gets compromised and the script modified. Would rather copy the JS and use it somewhere in our own ref-guide or website, or perhaps even as part of Solr Admin? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
