[
https://issues.apache.org/jira/browse/SOLR-14711?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jason Gerlowski resolved SOLR-14711.
------------------------------------
Resolution: Duplicate
Hey Mark, closing this out as a duplicate of a separate issue I'd created for
this.
> Incorrect insecure settings check in CoreContainer
> --------------------------------------------------
>
> Key: SOLR-14711
> URL: https://issues.apache.org/jira/browse/SOLR-14711
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Mark Todd
> Priority: Major
>
> I've configured SolrCloud (8.5) with both SSL and Authentication which is
> working correctly. However, I get the following warning in the logs
>
> "Solr authentication is enabled, but SSL is off. Consider enabling SSL to
> protect user credentials and data with encryption"
>
> Looking at the source code for SolrCloud there appears to be a bug
> if (authenticationPlugin !=null &&
> StringUtils.isNotEmpty(System.getProperty("solr.jetty.https.port"))) {
> log.warn("Solr authentication is enabled, but SSL is off. Consider enabling
> SSL to protect user credentials and data with encryption.");
> }
>
> Rather than checking for an empty system property (which would indicate SLL
> is off) its checking for a populated one which is what you get when SSL is on.
> This is a major issue because administrators are very concerned that Solr has
> been deployed in an insecure fashion.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
