janhoy commented on code in PR #2257: URL: https://github.com/apache/solr/pull/2257#discussion_r1486153466
########## solr/solr-ref-guide/modules/deployment-guide/pages/basic-authentication-plugin.adoc: ########## @@ -55,7 +55,7 @@ There are several options defined in this example: <1> The first block defines the authentication plugin to be used and its parameters. <2> The parameter `"blockUnknown":true` means that unauthenticated requests are not allowed to pass through. -<3> A user called 'solr', with a password `'SolrRocks'` has been defined. +<3> A user called 'solr', with a password `'SolrRocks'` in the format `base64(<password hash>) base64(<salt>)` has been defined. Review Comment: No need to repeat this detail here again. ```suggestion <3> A user called 'solr', with a password `'SolrRocks'`, in the encoded format detailed above, has been defined. ``` ########## solr/solr-ref-guide/modules/deployment-guide/pages/basic-authentication-plugin.adoc: ########## @@ -29,7 +29,7 @@ This file and where to put it is described in detail in the section xref:authent If running in cloud mode, you can use the `bin/solr auth` command-line utility to enable security for a new installation, see: `bin/solr auth --help` for more details. For Basic authentication, `security.json` must have an `authentication` block which defines the class being used for authentication. -Usernames and passwords (as a sha256(password+salt) hash) could be added when the file is created, or can be added later with the Authentication API, described below. +Usernames and passwords (as a base64 encoded `sha256(sha256(salt+password))` hash) could be added when the file is created, or can be added later with the Authentication API, described below. Review Comment: ```suggestion Usernames and passwords (Format: `base64(sha256(sha256(salt+password)) base64(salt)`) could be added when the file is created, or can be added later with the Authentication API, described below. ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org
