[ https://issues.apache.org/jira/browse/SOLR-12976?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Høydahl resolved SOLR-12976.
--------------------------------
    Resolution: Done

This is done elsewhere

> Unify RedactionUtils and metrics hiddenSysProps settings
> --------------------------------------------------------
>
>                 Key: SOLR-12976
>                 URL: https://issues.apache.org/jira/browse/SOLR-12976
>             Project: Solr
>          Issue Type: Improvement
>          Components: security
>            Reporter: Jan Høydahl
>            Priority: Major
>
> System properties can contain sensitive data, and they are easily available 
> from the Admin UI (/admin/info/system) and also from the Metrics API 
> (/admin/metrics).
> By default the {{/admin/info/system}} redacts any sys prop with a key 
> containing *password*. This can be configured with sysprop 
> {{-Dsolr.redaction.system.pattern=<regex>}}
> The metrics API by default hides these sysprops from the API output:
> {code:java}
>     "javax.net.ssl.keyStorePassword",
>     "javax.net.ssl.trustStorePassword",
>     "basicauth",
>     "zkDigestPassword",
>     "zkDigestReadonlyPassword"
> {code}
> You can redefine these by adding a section to {{solr.xml}}: 
> ([https://lucene.apache.org/solr/guide/7_5/metrics-reporting.html#the-metrics-hiddensysprops-element])
> {code:xml}
> <metrics>
>  <hiddenSysProps>
>    <str>foo</str>
>    <str>bar</str>
>    <str>baz</str>
>  </hiddenSysProps>
> </metrics>{code}
> h2. Unifying the two
> It is not very user friendly to have two different systems for redacting 
> system properties and two sets of defaults. The goals of this issue are
>  * Keep only one set of defaults
>  * Both metrics and system info handler will use the same source
>  * It should be possible to change and persist the list without a full 
> cluster restart, preferably through some API
> Note that the {{solr.redaction.system.pattern}} property is not documented in 
> the ref guide, so this Jira should also fix documentation!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
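
Added example (not part of the original message and not Solr's code): a Python sketch of the mismatch the issue describes, applying both sets of defaults to a constructed list of property names to show which keys only one mechanism protects. Case-insensitive pattern matching, exact-name matching for the hidden list, and the `db.password` and `solr.s3.secretKey` keys are assumptions of this sketch.

```python
import re

# Defaults as listed in the issue text. Case-insensitive matching of the
# redaction pattern is an assumption of this sketch.
REDACTION_PATTERN = re.compile(r".*password.*", re.IGNORECASE)
# Metrics hidden list, modeled as exact key names (assumption).
METRICS_HIDDEN = {
    "javax.net.ssl.keyStorePassword",
    "javax.net.ssl.trustStorePassword",
    "basicauth",
    "zkDigestPassword",
    "zkDigestReadonlyPassword",
}

def exposure(keys, pattern=REDACTION_PATTERN, hidden=METRICS_HIDDEN):
    """Map each key to the set of endpoints where its value stays visible."""
    report = {}
    for key in keys:
        visible = set()
        if not pattern.fullmatch(key):
            visible.add("/admin/info/system")   # not redacted by the pattern
        if key not in hidden:
            visible.add("/admin/metrics")       # not in hiddenSysProps
        report[key] = visible
    return report

def inconsistent(keys, **kw):
    """Keys that exactly one of the two mechanisms protects."""
    return {k: v for k, v in exposure(keys, **kw).items() if len(v) == 1}

# Constructed sample of JVM system property names (not from a real node).
SAMPLE_KEYS = [
    "javax.net.ssl.keyStorePassword",
    "basicauth",
    "zkDigestPassword",
    "db.password",          # hypothetical application property
    "solr.s3.secretKey",    # hypothetical; neither default covers it
    "user.timezone",
]

if __name__ == "__main__":
    for key, where in sorted(inconsistent(SAMPLE_KEYS).items()):
        print(f"{key}: still visible at {', '.join(sorted(where))}")
```

Keys reported by `inconsistent()` need an entry in the other mechanism's configuration; keys visible at both endpoints need one in each.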
