Hi Shi Wei,
there is a way, although definitely not the recommended one.
Sorry, and it took me a little bit to proof it.
Do you know about external XML entities or XXE attacks?
1. On top of the index-writers.xml you add an entity declaration:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE urlset [
<!ENTITY CREDENTIALS SYSTEM "file:///path/to/credentials.txt">
]>
2. it's used later in the index writer spec:
<writer id="indexer_solr_1"
class="org.apache.nutch.indexwriter.solr.SolrIndexWriter">
<parameters>
...
&CREDENTIALS;
</parameters>
3. you add your credentials snippet to the file /path/to/credentials.txt
<param name="username" value="username"/>
<param name="password" value="SECRET"/>
4. and voila:
$> bin/nutch index crawldb segment
...
├────────────┼─────────────────────────────┼─────────┤
│username │The username of Solr server. │username │
├────────────┼─────────────────────────────┼─────────┤
│password │The password of Solr server. │SECRET │
└────────────┴─────────────────────────────┴─────────┘
Note: this is an dirty hack but not a security issue: with access to the
index-writers.xml you can write anything into it. But there is no
guarantee that this hack will continue to work in the future.
Would you please be so kind to open a Jira issue to add real support
for passwords in the index-writers.xml
Best,
Sebastian
On 11/10/21 11:16, [email protected] wrote:
> Hi ,
>
>
>
>
>
> We have tried the variable expansion method on the index-writers.xml, it
> doesn't work. Could you advise if there are any alternative ways to encrypt
> the password in the index-writers.xml file?
>
>
>
>
>
> Best Regards,
>
> Shi Wei
>
>
>
>
