[jira] [Commented] (SOLR-12976) Unify RedactionUtils and metrics hiddenSysProps settings

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[jira] [Commented] (SOLR-12976) Unify RedactionUtils and metrics hiddenSysProps settings

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/SOLR-12976?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16680583#comment-16680583 ]

Jan Høydahl commented on SOLR-12976:
------------------------------------

Valid point. If you know of more Solr APIs that expose system properties then please share so we can include them in the design.

Of course if you have shell access to the server and can see the command line, you will see them all. But this issue is for protecting the APIs (and thus also the UI).

In metrics API the whole property is hidden. We could also do that in /admin/info/system for consistency. It does not help much for a user to see the text {{--REDACTED--}} except when explicitly checking to see if some prop is set. Perhaps an alternative for the UI is to display a text below the properties saying "Some properties were hidden"

> Unify RedactionUtils and metrics hiddenSysProps settings
> --------------------------------------------------------
>
>                 Key: SOLR-12976
>                 URL: https://issues.apache.org/jira/browse/SOLR-12976
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public)
>          Components: security
>            Reporter: Jan Høydahl
>            Priority: Major
>
> System properties can contain sensitive data, and they are easily available from the Admin UI (/admin/info/system) and also from the Metrics API (/admin/metrics).
> By default the {{/admin/info/system}} redacts any sys prop with a key containing *password*. This can be configured with sysprop {{-Dsolr.redaction.system.pattern=<regex>}}
> The metrics API by default hides these sysprops from the API output:
> {code:java}
>     "javax.net.ssl.keyStorePassword",
>     "javax.net.ssl.trustStorePassword",
>     "basicauth",
>     "zkDigestPassword",
>     "zkDigestReadonlyPassword"
> {code}
> You can redefine these by adding a section to {{solr.xml}}: ([https://lucene.apache.org/solr/guide/7_5/metrics-reporting.html#the-metrics-hiddensysprops-element])
> {code:xml}
> <metrics>
>  <hiddenSysProps>
>    <str>foo</str>
>    <str>bar</str>
>    <str>baz</str>
>  </hiddenSysProps>
> </metrics>{code}
> h2. Unifying the two
> It is not very user firiendly to have two different systems for redacting system properties and two sets of defaults. This goals of this issue are
>  * Keep only one set of defaults
>  * Both metrics and system info handler will use the same source
>  * It should be possible to change and persist the list without a full cluster restart, preferably though some API
> Note that the {{solr.redaction.system.pattern}} property is not documented in the ref guide, so this Jira should also fix documentation!



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]