[
https://issues.apache.org/jira/browse/SOLR-10100?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15855717#comment-15855717
]
Mano Kovacs commented on SOLR-10100:
------------------------------------
[~janhoy], thanks for point out the other jira. I am not completely sure the
two jiras are the same. This jira is proposing to hide passwords in general,
regardless of access level as general security hardening. I might not consider
some use-cases when the administrator needs to access the password through the
UI, so I looking forward for any suggestion.
> Hiding credentials from security.json when retrieving through /admin/zookeeper
> ------------------------------------------------------------------------------
>
> Key: SOLR-10100
> URL: https://issues.apache.org/jira/browse/SOLR-10100
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: security
> Reporter: Mano Kovacs
>
> {{/admin/zookeeper}} API is currently exposing {{security.json}} as-is, which
> can contain security credentials as well.
> Proposing a configurable list for hiding elements of {{security.json}} when
> loaded through {{/admin/zookeeper}}.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
