[ https://issues.apache.org/jira/browse/SOLR-12976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Høydahl resolved SOLR-12976.
--------------------------------
    Resolution: Done

This is done elsewhere

> Unify RedactionUtils and metrics hiddenSysProps settings
> --------------------------------------------------------
>
>                 Key: SOLR-12976
>                 URL: https://issues.apache.org/jira/browse/SOLR-12976
>             Project: Solr
>          Issue Type: Improvement
>          Components: security
>            Reporter: Jan Høydahl
>            Priority: Major
>
> System properties can contain sensitive data, and they are easily available
> from the Admin UI (/admin/info/system) and also from the Metrics API
> (/admin/metrics).
>
> By default the {{/admin/info/system}} redacts any sys prop with a key
> containing *password*. This can be configured with sysprop
> {{-Dsolr.redaction.system.pattern=<regex>}}
>
> The metrics API by default hides these sysprops from the API output:
> {code:java}
> "javax.net.ssl.keyStorePassword",
> "javax.net.ssl.trustStorePassword",
> "basicauth",
> "zkDigestPassword",
> "zkDigestReadonlyPassword"
> {code}
> You can redefine these by adding a section to {{solr.xml}}:
> ([https://lucene.apache.org/solr/guide/7_5/metrics-reporting.html#the-metrics-hiddensysprops-element])
> {code:xml}
> <metrics>
>   <hiddenSysProps>
>     <str>foo</str>
>     <str>bar</str>
>     <str>baz</str>
>   </hiddenSysProps>
> </metrics>{code}
> h2. Unifying the two
> It is not very user friendly to have two different systems for redacting
> system properties and two sets of defaults. The goals of this issue are:
> * Keep only one set of defaults
> * Both metrics and system info handler will use the same source
> * It should be possible to change and persist the list without a full
> cluster restart, preferably through some API
>
> Note that the {{solr.redaction.system.pattern}} property is not documented in
> the ref guide, so this Jira should also fix documentation!
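An added example, not part of the original message and not Solr's code: a small Python audit that shows where the two default mechanisms described in the issue disagree about which property names are protected. It assumes the system-info pattern is a case-insensitive match on the key and that the metrics list matches exact property names; `redaction_gaps` and the sample property names are hypothetical.

```python
import re

# Defaults as quoted in the issue description.
METRICS_HIDDEN_DEFAULT = {
    "javax.net.ssl.keyStorePassword",
    "javax.net.ssl.trustStorePassword",
    "basicauth",
    "zkDigestPassword",
    "zkDigestReadonlyPassword",
}
# Assumption: "key containing password" modelled as a case-insensitive search.
SYSTEM_INFO_PATTERN_DEFAULT = r"password"


def redaction_gaps(sysprops, pattern=SYSTEM_INFO_PATTERN_DEFAULT,
                   hidden=METRICS_HIDDEN_DEFAULT):
    """Classify each property name by which endpoint would protect it."""
    rx = re.compile(pattern, re.IGNORECASE)
    report = {"both": [], "only_system_info": [], "only_metrics": [], "neither": []}
    for name in sorted(sysprops):
        redacted = rx.search(name) is not None  # /admin/info/system
        hidden_in_metrics = name in hidden      # /admin/metrics (assumed exact match)
        if redacted and hidden_in_metrics:
            report["both"].append(name)
        elif redacted:
            report["only_system_info"].append(name)
        elif hidden_in_metrics:
            report["only_metrics"].append(name)
        else:
            report["neither"].append(name)
    return report


# Constructed sample: property names a node might be started with.
SAMPLE_PROPS = {
    "javax.net.ssl.keyStorePassword": "x",
    "basicauth": "x",
    "zkDigestPassword": "x",
    "db.password": "x",    # hypothetical custom property
    "aws.secretKey": "x",  # hypothetical custom property
    "solr.solr.home": "/var/solr",
}

if __name__ == "__main__":
    for bucket, names in redaction_gaps(SAMPLE_PROPS).items():
        print(f"{bucket:17} {', '.join(names) or '-'}")
```

Names landing in `only_system_info` or `only_metrics` are the ones the two sets of defaults treat differently; names in `neither` need an explicit pattern or `hiddenSysProps` entry if they carry secrets.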