Yes, you should setup basic auth without SSL it in a very protected network only
On Wed, Jan 25, 2017 at 3:27 AM, Steve Davids <sdav...@gmail.com> wrote: > Don't let "basic auth" without SSL think there is inherent security, if > someone has access to the network it is trivial to sniff network traffic > and pickup the username/password (as noted in the caveats section > <https://cwiki.apache.org/confluence/display/solr/Basic+Authentication+Plugin>). > There is a little more overhead for setting up SSL connections but as long > as there is keep-alives it's not too big of a penalty. Another option could > be using two-way SSL for authentication purposes. > > -Steve > > On Fri, Jan 20, 2017 at 1:00 AM, Byunghoon Lim <seian.h...@gmail.com> > wrote: > >> Hi Ishan! Thanks for the advice :) I will try it. >> >> Best, >> Hoon >> >> Regards, >> Hoon >> >> On Fri, Jan 20, 2017 at 11:55 AM, Ishan Chattopadhyaya < >> ichattopadhy...@gmail.com> wrote: >> >>> Basic auth should have the best performance (almost negligible >>> difference between unsecured and secured). Also, you could try delegation >>> tokens support. >>> >>> On Fri, Jan 20, 2017 at 7:41 AM, Byunghoon Lim <seian.h...@gmail.com> >>> wrote: >>> >>>> Hi! I am Hoon who is running a Solr cluster on production. >>>> >>>> I am considering adding an authentication for Solr Cloud using like >>>> Basic Authentication plugin. Here, my concern is, if I bring the >>>> authentication plugin to the cluster, how much latency will increase or >>>> affected. >>>> >>>> Is there any results or data for the performance? >>>> or, please let me know the best authentication plugin which doesn't >>>> affect latency. >>>> >>>> Thanks in advance. >>>> >>>> Best, >>>> Hoon >>>> >>> >>> >> > -- ----------------------------------------------------- Noble Paul
