[jira] [Commented] (SOLR-13345) Admin UI login page doesn't accept empty passwords

JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/SOLR-13345?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16818618#comment-16818618 ]

Märt commented on SOLR-13345:
-----------------------------

{quote}Or generate a strong password in the first place, and communicate this to the customer in the welcome email?{quote}

The initial password is hard coded exactly so that the installer script could do the password reset with a proper password :) It's more secure if we never have to see the password or communicate it.

But anyway, if the rest of the CLI doesn't support empty passwords either, then I suppose it's not too hard for us to use SolrRocks or something non-empty like that for the initial password to keep it consistent. It's fine to close this as won't fix. Thank you for the discussion!

> Admin UI login page doesn't accept empty passwords
> --------------------------------------------------
>
>                 Key: SOLR-13345
>                 URL: https://issues.apache.org/jira/browse/SOLR-13345
>             Project: Solr
>          Issue Type: Bug
>      Security Level: Public(Default Security Level. Issues are Public)
>          Components: Admin UI
>    Affects Versions: 7.7, 8.0
>            Reporter: Märt
>            Priority: Minor
>
> In Solr 7.6 and older, it was possible to log in with an empty password using basic auth. The new Admin UI login page implemented in SOLR-7896 no longer accepts empty passwords.
> This issue was discussed in the solr-user mailing list http://mail-archives.apache.org/mod_mbox/lucene-solr-user/201903.mbox/%3C7629BDDD-3D22-4203-9188-0E0A8DCF2FEE%40cominvent.com%3E



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
