[ https://issues.apache.org/jira/browse/SOLR-15525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17382211#comment-17382211 ]
Chris M. Hostetter commented on SOLR-15525: ------------------------------------------- [~thelabdude]- i'm a little late to the party, but i'm curious why you implemented this as additions to VMParamsAllAndReadonlyDigestZkACLProvider and VMParamsSingleSetCredentialsDigestZkCredentialsProvider instead of just writing new impls? The existing impls have it right in their name that they read the ACLs/credenetials from VMParams ... it seems like this new logic would make more sense in some FileBasedZkACLProvider and FileBasedZkCredentialsProvider ? (either that, or change the impls so that after reading from the file, they still checked the same sysprops to override/augment the file – so for example: you could put the passwords in the file but leave the usernames in sysprops on the command line ... then it would make more sense to have this functionality in the existing classes) ---- In general though i feel like if we're going to provide out of the box support for reading credentials and ACLs from a file, we should consider "thinking bigger" then just a simple properties file, and have something that can specify multiple acls of various types? (i've been talking with some users who want to be able to do rolling restarts where they rotate credentials w/o risk of some solr nodes creating znodes that other solr nodes can't read during the rolling restarts, and having the ability to use a structured file to configure more then just one "ALL" and one "READ" ACL seems promising ... but again: i suppose that could be be done in other impls of the ACL/Crednetials Providers if you feel strongly about also having a "simpler" Properties file based impls) (Also, FWIW: see SOLR-15548 .. the fact that you had to modify two Provider classes, which users have to configure separately in order for any ACLs to work, seems insane to me) > Provide zkCredentialsProvider and zkACLProvider that loads credentials from a > file or env vars instead of sys props > ------------------------------------------------------------------------------------------------------------------- > > Key: SOLR-15525 > URL: https://issues.apache.org/jira/browse/SOLR-15525 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Components: security > Reporter: Timothy Potter > Assignee: Timothy Potter > Priority: Minor > Fix For: main (9.0), 8.10 > > Time Spent: 3h 10m > Remaining Estimate: 0h > > Currently, the {{VMParamsSingleSetCredentialsDigestZkCredentialsProvider}} > and {{VMParamsAllAndReadonlyDigestZkACLProvider}} load ZK credentials from > Java system properties. Solr should provide an alternative impl to load this > information from a file (and maybe env vars too). This avoids leaking the > credentials in the JVM system properties that get logged as well as shown in > the UI. > It would also be nice if this file could store the credentials encrypted, as > suggested by SOLR-11655, however that requires a global encryption password > (such as http://www.jasypt.org/) so is merely security through obscurity b/c > anyone with shell access could track down this encryption password and > decrypt the ZK credentials in the file. Of course every Solr node has its own > private key for the PKI auth frmk, but that's not helpful for this problem > because the encryption key needs to be shared among all the nodes so they can > decrypt the ZK creds. So I'm going to skip that part for now and just > implement loading the plain-text creds from a file. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org