[ 
https://issues.apache.org/jira/browse/SOLR-9609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15622770#comment-15622770
 ] 

Erick Erickson commented on SOLR-9609:
--------------------------------------

[~janhoy] As a sysprop every solr.in.sh file (or whatever) would have to be 
modified, leaving the chance of one of your N nodes not getting the update. 
Putting it up on Zookeeper in security.json makes that much less likely.

Hmmm, but what about sequencing here? In order to pull it from security.json, 
we need to be able to connect to Zookeeper. I'm assuming that this is 
irrelevant for fetching the security.json file from Zookeeper? You see where 
this is going, if we have to have this value correctly set in order to get data 
from Zookeeper, then it must go in solr.in.sh......

That said, I don't have a strong opinion here although I slightly lean towards 
putting this in the security.json file unless that'd be a problem.

NOTE: SOLR-9481 appears to have been committed to 6x, so if we choose to put 
this in security.json we can go forward with this ticket.

I've assigned it to myself to not lose track of it, but anyone else who wants 
to pick it up please feel free.

Erick

> Change hard-coded keysize from 512 to 1024
> ------------------------------------------
>
>                 Key: SOLR-9609
>                 URL: https://issues.apache.org/jira/browse/SOLR-9609
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Jeremy Martini
>            Assignee: Erick Erickson
>         Attachments: SOLR-9609.patch, SOLR-9609.patch, solr.log
>
>
> In order to configure our dataSource without requiring a plaintext password 
> in the configuration file, we extended JdbcDataSource to create our own 
> custom implementation. Our dataSource config now looks something like this:
> {code:xml}
> <dataSource type="com.foo.FooDataSource" driver="oracle.jdbc.OracleDriver" 
> url="jdbc:oracle:thin:@db-host-machine:1521:tst1" user="testuser" 
> password="{ENC}{1.1}1ePOfWcbOIU056gKiLTrLw=="/>
> {code}
> We are using the RSA JSAFE Crypto-J libraries for encrypting/decrypting the 
> password. However, this seems to cause an issue when we try to use Solr in a 
> Cloud Configuration (using Zookeeper). The error is "Strong key gen and 
> multiprime gen require at least 1024-bit keysize." Full log attached.
> This seems to be due to the hard-coded value of 512 in the 
> org.apache.solr.util.CryptoKeys$RSAKeyPair class:
> {code:java}
> public RSAKeyPair() {
>   KeyPairGenerator keyGen = null;
>   try {
>     keyGen = KeyPairGenerator.getInstance("RSA");
>   } catch (NoSuchAlgorithmException e) {
>     throw new SolrException(SolrException.ErrorCode.SERVER_ERROR, e);
>   }
>   keyGen.initialize(512);
> {code}
> I pulled down the Solr code, changed the hard-coded value to 1024, rebuilt 
> it, and now everything seems to work great.
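
The configurable alternative discussed in this thread, sketched as an added example (not Solr's code and not either attached patch): the key size comes from a system property instead of a hard-coded constant, and values below the 1024-bit floor named in the reported error are rejected at startup. The property name example.rsa.keysize, the class name and the 2048-bit default are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.interfaces.RSAPublicKey;

public class ConfigurableRsaKeyPair {
  // Hypothetical property name, not one defined by Solr.
  static final String KEY_SIZE_PROP = "example.rsa.keysize";
  static final int DEFAULT_BITS = 2048; // assumed default for this example
  static final int MIN_BITS = 1024;     // floor named in the error from the issue

  // Parse and validate the configured size so a bad value fails fast,
  // before any node starts signing with a key its peers would reject.
  static int resolveKeySize(String raw) {
    if (raw == null || raw.trim().isEmpty()) return DEFAULT_BITS;
    final int bits;
    try {
      bits = Integer.parseInt(raw.trim());
    } catch (NumberFormatException e) {
      throw new IllegalArgumentException(KEY_SIZE_PROP + " is not an integer: " + raw, e);
    }
    if (bits < MIN_BITS) {
      throw new IllegalArgumentException(KEY_SIZE_PROP + "=" + bits + " is below the minimum of " + MIN_BITS);
    }
    return bits;
  }

  static KeyPair generate(int bits) throws GeneralSecurityException {
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(bits); // no hard-coded 512 here
    return keyGen.generateKeyPair();
  }

  public static void main(String[] args) throws GeneralSecurityException {
    int bits = resolveKeySize(System.getProperty(KEY_SIZE_PROP));
    KeyPair pair = generate(bits);
    int modulusBits = ((RSAPublicKey) pair.getPublic()).getModulus().bitLength();
    // Sign and verify a constructed sample message to confirm the pair is usable.
    byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
    Signature signer = Signature.getInstance("SHA256withRSA");
    signer.initSign(pair.getPrivate());
    signer.update(msg);
    Signature verifier = Signature.getInstance("SHA256withRSA");
    verifier.initVerify(pair.getPublic());
    verifier.update(msg);
    System.out.println("requested=" + bits + " modulus=" + modulusBits
        + " verified=" + verifier.verify(signer.sign()));
  }
}
```

Running it with -Dexample.rsa.keysize=512 stops with an IllegalArgumentException instead of generating the undersized key.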


