[
https://issues.apache.org/jira/browse/SOLR-9609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15609286#comment-15609286
]
Erick Erickson commented on SOLR-9609:
--------------------------------------
Ah, that explains it. I was looking at 6x code when I claimed security.json
wasn't being used in stand-alone. 9481 hasn't been back-ported to 6x yet.
bq: But as per my understanding we are storing security.json (as well as other
configs such as solr.xml etc.) in Zookeeper to avoid having to specify such
configurations on each host separately
This makes total sense to me. Plus I don't want to _ever_ have to track down
that the system property was set differently on one of 250 nodes because
somehow the startup script wasn't propagated, having it on ZK makes _much_ more
sense, thanks for suggesting it.
As far as going forward: Once using security.json in stand-alone is committed
to 6x, we can make this one happen. It's a pretty trivial change all told.
> Change hard-coded keysize from 512 to 1024
> ------------------------------------------
>
> Key: SOLR-9609
> URL: https://issues.apache.org/jira/browse/SOLR-9609
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Jeremy Martini
> Attachments: SOLR-9609.patch, SOLR-9609.patch, solr.log
>
>
> In order to configure our dataSource without requiring a plaintext password
> in the configuration file, we extended JdbcDataSource to create our own
> custom implementation. Our dataSource config now looks something like this:
> {code:xml}
> <dataSource type="com.foo.FooDataSource" driver="oracle.jdbc.OracleDriver"
> url="jdbc:oracle:thin:@db-host-machine:1521:tst1" user="testuser"
> password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
> {code}
> We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting the
> password. However, this seems to cause an issue when we try use Solr in a
> Cloud Configuration (using Zookeeper). The error is "Strong key gen and
> multiprime gen require at least 1024-bit keysize." Full log attached.
> This seems to be due to the hard-coded value of 512 in the
> org.apache.solr.util.CryptoKeys$RSAKeyPair class:
> {code:java}
> public RSAKeyPair() {
> KeyPairGenerator keyGen = null;
> try {
> keyGen = KeyPairGenerator.getInstance("RSA");
> } catch (NoSuchAlgorithmException e) {
> throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
> }
> keyGen.initialize(512);
> {code}
> I pulled down the Solr code, changed the hard-coded value to 1024, rebuilt
> it, and now everything seems to work great.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
