[jira] [Updated] (NUTCH-3166) Create a security page

Thu, 09 Apr 2026 05:44:24 -0700 


     [ 
https://issues.apache.org/jira/browse/NUTCH-3166?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sebastian Nagel updated NUTCH-3166:
-----------------------------------
    Description: 
The Nutch website lacks a security page describing the security model, best 
practices, do's and don'ts. It should cover:
- sensitive settings in the Nutch configuration
- the requirement of trusted access to configuration and log files
- securing the Nutch runtime
- security considerations for the Nutch REST API
- dangers of leaking private information if crawled content is exposed in a 
public search index

A starting point and example could be the [StormCrawler security 
page|https://stormcrawler.apache.org/security/].

The ASF security team also shared instructions about [Documenting your security 
model|https://cwiki.apache.org/confluence/display/SECURITY/Documenting+your+security+model].

  was:
The Nutch website lacks a security page describing the security model, best 
practices, do's and don'ts. It should cover:
- sensitive settings in the Nutch configuration
- the requirement of trusted access to configuration and log files
- securing the Nutch runtime
- security considerations for the Nutch REST API
- dangers of leaking private information if crawled content is exposed in a 
public search index

A starting point and example could be the [StormCrawler security 
page|https://stormcrawler.apache.org/security/].

The ASF security team also shared instructions about [Documenting your security 
model|https://cwiki.apache.org/confluence/display/SECURITY/Documenting+your+security+model).


> Create a security page
> ----------------------
>
>                 Key: NUTCH-3166
>                 URL: https://issues.apache.org/jira/browse/NUTCH-3166
>             Project: Nutch
>          Issue Type: Wish
>          Components: website
>    Affects Versions: 1.22
>            Reporter: Sebastian Nagel
>            Priority: Major
>             Fix For: 1.23
>
>
> The Nutch website lacks a security page describing the security model, best 
> practices, do's and don'ts. It should cover:
> - sensitive settings in the Nutch configuration
> - the requirement of trusted access to configuration and log files
> - securing the Nutch runtime
> - security considerations for the Nutch REST API
> - dangers of leaking private information if crawled content is exposed in a 
> public search index
> A starting point and example could be the [StormCrawler security 
> page|https://stormcrawler.apache.org/security/].
> The ASF security team also shared instructions about [Documenting your 
> security 
> model|https://cwiki.apache.org/confluence/display/SECURITY/Documenting+your+security+model].



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to