[jira] [Commented] (SOLR-7896) Add a login page for Solr Administrative Interface


JIRA jira@apache.org

    [ https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15932884#comment-15932884 ]

Shawn Heisey commented on SOLR-7896:

Been a while since I said anything on this issue.  I have skimmed the newest comments, but haven't read them in depth.

For security on the admin UI, do we want basic authentication, or do we want to use a form-and-cookie approach like the vast majority of web applications?  HTTP basic authentication is probably the only sane choice for the API, though.

Enabling SSL out of the box still seems like a bad idea, and enabling authentication on the API by default also seems like a bad idea.  Requiring authentication out of the box for the admin UI, probably with cookies, doesn't seem quite so insane, though.  It might be the sort of thing where no password exists initially, but the first time you access the UI, it forces you to set one.  In cloud mode, that would probably update ZooKeeper, affecting all Solr instances.

What would be really nice to have is the ability to enable/disable and configure API authentication within the admin UI.

> Add a login page for Solr Administrative Interface
> --------------------------------------------------
>                 Key: SOLR-7896
>                 URL: https://issues.apache.org/jira/browse/SOLR-7896
>             Project: Solr
>          Issue Type: New Feature
>          Components: Admin UI, security
>    Affects Versions: 5.2.1
>            Reporter: Aaron Greenspan
>              Labels: authentication, login, password
> Out of the box, the Solr Administrative interface should require a password that the user is required to set.
