[ https://issues.apache.org/jira/browse/SOLR-7236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14375630#comment-14375630 ]
Jan Høydahl commented on SOLR-7236: ----------------------------------- Looks like security is a hot topic for Solr these days, with five issues opened just the last few weeks. The last two issues SOLR-7274 and SOLR-7275 suggest adding a series of Solr-specific classes to define an API for plugging in security. I'm trying to understand why this is necessary compared to choosing a standard framework that provides all of this for us, and let Solr code focus on search, not security APIs? > Securing Solr (umbrella issue) > ------------------------------ > > Key: SOLR-7236 > URL: https://issues.apache.org/jira/browse/SOLR-7236 > Project: Solr > Issue Type: New Feature > Reporter: Jan Høydahl > Labels: Security > > This is an umbrella issue for adding security to Solr. The discussion here > should discuss real user needs and high-level strategy, before deciding on > implementation details. All work will be done in sub tasks and linked issues. > Solr has not traditionally concerned itself with security. And It has been a > general view among the committers that it may be better to stay out of it to > avoid "blood on our hands" in this mine-field. Still, Solr has lately seen > SSL support, securing of ZK, and signing of jars, and discussions have begun > about securing operations in Solr. > Some of the topics to address are > * User management (flat file, AD/LDAP etc) > * Authentication (Admin UI, Admin and data/query operations. Tons of auth > protocols: basic, digest, oauth, pki..) > * Authorization (who can do what with what API, collection, doc) > * Pluggability (no user's needs are equal) > * And we could go on and on but this is what we've seen the most demand for -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org