Jan Høydahl created SOLR-7236: --------------------------------- Summary: Securing Solr (umbrella issue) Key: SOLR-7236 URL: https://issues.apache.org/jira/browse/SOLR-7236 Project: Solr Issue Type: New Feature Reporter: Jan Høydahl
This is an umbrella issue for adding security to Solr. The discussion here should discuss real user needs and high-level strategy, before deciding on implementation details. All work will be done in sub tasks and linked issues. Solr has not traditionally concerned itself with security. And It has been a general view among the committers that it may be better to stay out of it to avoid "blood on our hands" in this mine-field. Still, Solr has lately seen SSL support, securing of ZK, and signing of jars, and discussions have begun about securing operations in Solr. Some of the topics to address are * User management (flat file, AD/LDAP etc) * Authentication (Admin UI, Admin and data/query operations. Tons of auth protocols: basic, digest, oauth, pki..) * Authorization (who can do what with what API, collection, doc) * Pluggability (no user's needs are equal) * And we could go on and on but this is what we've seen the most demand for -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org