[jira] [Commented] (SOLR-7236) Securing Solr (umbrella issue)

Mon, 23 Mar 2015 02:47:42 -0700 

    [ 
https://issues.apache.org/jira/browse/SOLR-7236?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14375630#comment-14375630
 ] 

Jan Høydahl commented on SOLR-7236:
-----------------------------------

Looks like security is a hot topic for Solr these days, with five issues opened 
just the last few weeks.

The last two issues SOLR-7274 and SOLR-7275 suggest adding a series of 
Solr-specific classes to define an API for plugging in security. I'm trying to 
understand why this is necessary compared to choosing a standard framework that 
provides all of this for us, and let Solr code focus on search, not security 
APIs?

> Securing Solr (umbrella issue)
> ------------------------------
>
>                 Key: SOLR-7236
>                 URL: https://issues.apache.org/jira/browse/SOLR-7236
>             Project: Solr
>          Issue Type: New Feature
>            Reporter: Jan Høydahl
>              Labels: Security
>
> This is an umbrella issue for adding security to Solr. The discussion here 
> should discuss real user needs and high-level strategy, before deciding on 
> implementation details. All work will be done in sub tasks and linked issues.
> Solr has not traditionally concerned itself with security. And It has been a 
> general view among the committers that it may be better to stay out of it to 
> avoid "blood on our hands" in this mine-field. Still, Solr has lately seen 
> SSL support, securing of ZK, and signing of jars, and discussions have begun 
> about securing operations in Solr.
> Some of the topics to address are
> * User management (flat file, AD/LDAP etc)
> * Authentication (Admin UI, Admin and data/query operations. Tons of auth 
> protocols: basic, digest, oauth, pki..)
> * Authorization (who can do what with what API, collection, doc)
> * Pluggability (no user's needs are equal)
> * And we could go on and on but this is what we've seen the most demand for



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

Reply via email to