Jan Høydahl created SOLR-18009:
----------------------------------
Summary: Allow Auth/Authz without TLS
Key: SOLR-18009
URL: https://issues.apache.org/jira/browse/SOLR-18009
Project: Solr
Issue Type: Task
Components: security
Reporter: Jan Høydahl
Today if you enable Auth/Authz without also enabling TLS, I believe you will
get spammed about an insecure system. Which is ok in most cases.
However, if you run Solr on a service mesh, where you delegate TLS termination
(and cert generation, rotation) to the mesh through a sidecar container or
otherwise, it should be perfectly ok to run Auth on http on the solr app level.
So I guess I'd like a way to declare in some config that Solr is protected by
TLS by an external system.
I'm opening this to record the wish, then hope to circle back to this later
with a concrete proposal. In the meantime, feel free to discuss.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
