[jira] [Commented] (SOLR-15525) Provide zkCredentialsProvider and zkACLProvider that loads credentials from a file or env vars instead of sys props

Fri, 09 Jul 2021 09:24:14 -0700 


    [ 
https://issues.apache.org/jira/browse/SOLR-15525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17378153#comment-17378153
 ] 

Timothy Potter commented on SOLR-15525:
---------------------------------------

As a really simple hack, we could alter the 
{{VMParamsSingleSetCredentialsDigestZkCredentialsProvider}} and 
{{VMParamsAllAndReadonlyDigestZkACLProvider}} to support a syntax like: 
{{env:PASSWORD_IN_ENV_VAR}} to allow loading the passwords from an environment 
variable instead of a system property ...

> Provide zkCredentialsProvider and zkACLProvider that loads credentials from a 
> file or env vars instead of sys props
> -------------------------------------------------------------------------------------------------------------------
>
>                 Key: SOLR-15525
>                 URL: https://issues.apache.org/jira/browse/SOLR-15525
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: security
>            Reporter: Timothy Potter
>            Assignee: Timothy Potter
>            Priority: Major
>
> Currently, the {{VMParamsSingleSetCredentialsDigestZkCredentialsProvider}} 
> and {{VMParamsAllAndReadonlyDigestZkACLProvider}} load ZK credentials from 
> Java system properties. Solr should provide an alternative impl to load this 
> information from a file (and maybe env vars too). This avoids leaking the 
> credentials in the JVM system properties that get logged as well as shown in 
> the UI.
> It would also be nice if this file could store the credentials encrypted, as 
> suggested by SOLR-11655, however that requires a global encryption password 
> (such as http://www.jasypt.org/) so is merely security through obscurity b/c 
> anyone with shell access could track down this encryption password and 
> decrypt the ZK credentials in the file. Of course every Solr node has its own 
> private key for the PKI auth frmk, but that's not helpful for this problem 
> because the encryption key needs to be shared among all the nodes so they can 
> decrypt the ZK creds. So I'm going to skip that part for now and just 
> implement loading the plain-text creds from a file.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to