[
https://issues.apache.org/jira/browse/SOLR-7207?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14356716#comment-14356716
]
Noble Paul commented on SOLR-7207:
----------------------------------
bq.The project aims to support most Solr actions through the Admin UI. How can
the PKI based solution be wired so that an OPS-user with his public key stored
in Solr/ZK can e.g. delete a core or upload documents, while others cannot?
We will have to provide an option of client side (JavaScript) signing in our
UI. see example here http://kjur.github.io/jsrsasign/sample-rsasign.html
bq.OPS personnel use curl or in-house tools for various Solr management tasks.
If those are not an option anymore, won't people request PKI aware CLI tooling
for all our APIs?
This WILL work with curl , you just have to sign he payload file using openssl.
see this feature that already supports it. SOLR-7126 . Most scripting tools
will let you run openssl commands and create a signature. Or if you use SolrJ,
we will automatically make this work. You will have to explicitly enable
security for any of these , for others , everything else is same
bq. Some users need to authenticate queries as well, so user A can only query
collection A and user B can only query collection B.
The querying/updating security will have to be enabled on a per collection
basis. That will be a collection property and we will let users configure any
set of keys for any collection.
bq.Do you see the PKI solution as extendable to SEARCH operations in the
future? Or would that require queries to be POSTed too?
You are right . Search can also be supported . As you said , all secure
commands must go through POST/PUT only
> Securing operations in Solr
> ---------------------------
>
> Key: SOLR-7207
> URL: https://issues.apache.org/jira/browse/SOLR-7207
> Project: Solr
> Issue Type: New Feature
> Reporter: Noble Paul
>
> Historically, Solr has always stayed away from securing any operations and we
> even allow GET operation on an HTTP end point to manipulate almost anything
> inside a Solr cluster
> We can categorize the operations such as
> * Loading executable (runtime jars) SOLR-7126
> * conf files SOLR-6736
> * schema API
> * config API
> * collections API
> * /update/* operation to any collection
> SOLR-7126 has solved this problem using PKI where the public keys can be
> uploaded to {{/keys/exe}} and all jars loaded are verified using one of the
> public keys.
> A similar scheme can be used for other operations as well. We can add keys to
> other directories and use them to verify other operations. The only catch is
> , that we will need to send all the payload via POST
> The advantage of this scheme is that Solr does not need to manage any
> credentials or take care of storing anything secretly. It just needs a few
> public keys to be stored in ZK and security will kick in automatically.
> External solutions can build on top of these and provide authentication etc
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
