[ https://issues.apache.org/jira/browse/SOLR-13463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16840738#comment-16840738 ]
Jan Høydahl commented on SOLR-13463: ------------------------------------ You MUST use SSL together with Basic auth. You find instructions in Solr reference guide on how to enable SSL for your cluster. > Solr admin user credentials defined with -Dbasicauth property during start is > visible in admin UI to any user. > -------------------------------------------------------------------------------------------------------------- > > Key: SOLR-13463 > URL: https://issues.apache.org/jira/browse/SOLR-13463 > Project: Solr > Issue Type: Bug > Security Level: Public(Default Security Level. Issues are Public) > Components: Admin UI > Affects Versions: 7.7.1 > Environment: QA > Reporter: Vinodh > Priority: Major > Labels: admin-interface, credentials > > We have configured Solr basic authentication in our environment and used > Dbasicauth property to define username:password. Since these property will be > added to Solr startup, the Solr admin username & password details defined > with -Dbasicauth property are displayed in plain text format to all users who > are able to login into admin UI interface in JVM & Java properties sections. > So even a read user who has privileges to login admin UI can able to see > admin user username & password details. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org