Securing solr index

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Securing solr index

Suresh Vanasekaran
Hi,

We are having the solr index maintained in a central server and multiple users might be able to access the index data.

May I know what are best practice for securing the solr index folder where ideally only application user should be able to access. Even an admin user should not be able to copy the data and use it in another schema.

Thanks



**************** CAUTION - Disclaimer *****************
This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely
for the use of the addressee(s). If you are not the intended recipient, please
notify the sender by e-mail and delete the original message. Further, you are not
to copy, disclose, or distribute this e-mail or its contents to any other person and
any such actions are unlawful. This e-mail may contain viruses. Infosys has taken
every reasonable precaution to minimize this risk, but is not liable for any damage
you may sustain as a result of any virus in this e-mail. You should carry out your
own virus checks before opening the e-mail or attachment. Infosys reserves the
right to monitor and review the content of all messages sent to or from this e-mail
address. Messages sent to or from this e-mail address may be stored on the
Infosys e-mail system.
***INFOSYS******** End of Disclaimer ********INFOSYS***
Reply | Threaded
Open this post in threaded view
|

Re: Securing solr index

Dan Davis-2
Where you want true Role-Based Access Control (RBAC) on each index (core or
collection), one solution is to buy Solr Enterprise from LucidWorks.

My personal practice is mostly dictated by financial decisions:

   - Each core/index has its configuration directory in a Git
   repository/branch where the Git repository software provides RBAC.
   - This relies on developers to keep a separate Solr for development, and
   then to check-in their configuration directory changes when they are
   satisfied with the changes.   This is probably a best practice anyway :)
   - "Continuous Integration" pushes the Git configuration appropriately
   when a particular branch changes.
   - The main URL "/solr" has security provided by Apache httpd on port 80
   (a reverse proxy to http://localhost:8983/solr/)
   - That port is also open, secured by IP address, to other Solr nodes in
   the cluster.
   - The /select request Handler for each core/collection is reverse
   proxied to "/search/<corename>".
   - The Solr Amin UI uses a authentication/authorization handler such that
   only the "Search Administrators" group has access to it.

The security here relies on search developers not enabling "handleSelect"
in their solrconfig.xml.    The security can also be extended by adding
security on reverse proxied URLs such as "/search/<corename>" and
"/update/<corename>" so that the client application needs to know some key,
or have access to an SSL private key file.

The downside is that only "Search Administrators" group has access to the
QA or production Solr Admin UI.


On Mon, Apr 13, 2015 at 6:13 AM, Suresh Vanasekaran <
[hidden email]> wrote:

> Hi,
>
> We are having the solr index maintained in a central server and multiple
> users might be able to access the index data.
>
> May I know what are best practice for securing the solr index folder where
> ideally only application user should be able to access. Even an admin user
> should not be able to copy the data and use it in another schema.
>
> Thanks
>
>
>
> **************** CAUTION - Disclaimer *****************
> This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended
> solely
> for the use of the addressee(s). If you are not the intended recipient,
> please
> notify the sender by e-mail and delete the original message. Further, you
> are not
> to copy, disclose, or distribute this e-mail or its contents to any other
> person and
> any such actions are unlawful. This e-mail may contain viruses. Infosys
> has taken
> every reasonable precaution to minimize this risk, but is not liable for
> any damage
> you may sustain as a result of any virus in this e-mail. You should carry
> out your
> own virus checks before opening the e-mail or attachment. Infosys reserves
> the
> right to monitor and review the content of all messages sent to or from
> this e-mail
> address. Messages sent to or from this e-mail address may be stored on the
> Infosys e-mail system.
> ***INFOSYS******** End of Disclaimer ********INFOSYS***
>
Reply | Threaded
Open this post in threaded view
|

Re: Securing solr index

Per Steffensen
In reply to this post by Suresh Vanasekaran
Hi

I might misunderstand you, but if you are talking about securing the
actual files/folders of the index, I do not think this is a Solr/Lucene
concern. Use standard mechanisms of your OS. E.g. on linux/unix use
chown, chgrp, chmod, sudo, apparmor etc - e.g. allowing only root to
write the folders/files and sudo the user running Solr/Lucene to operate
as root in this area. Even admins should not (normally) operate as root
- that way they cannot write the files either. No one knows the
root-password - except maybe for the super-super-admin, or you split the
root-password in two and two admins know a part each, so that they have
to both agree in order to operate as root. Be creative yourself.

Regards, Per Steffensen

On 13/04/15 12:13, Suresh Vanasekaran wrote:

> Hi,
>
> We are having the solr index maintained in a central server and multiple users might be able to access the index data.
>
> May I know what are best practice for securing the solr index folder where ideally only application user should be able to access. Even an admin user should not be able to copy the data and use it in another schema.
>
> Thanks
>
>
>
> **************** CAUTION - Disclaimer *****************
> This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely
> for the use of the addressee(s). If you are not the intended recipient, please
> notify the sender by e-mail and delete the original message. Further, you are not
> to copy, disclose, or distribute this e-mail or its contents to any other person and
> any such actions are unlawful. This e-mail may contain viruses. Infosys has taken
> every reasonable precaution to minimize this risk, but is not liable for any damage
> you may sustain as a result of any virus in this e-mail. You should carry out your
> own virus checks before opening the e-mail or attachment. Infosys reserves the
> right to monitor and review the content of all messages sent to or from this e-mail
> address. Messages sent to or from this e-mail address may be stored on the
> Infosys e-mail system.
> ***INFOSYS******** End of Disclaimer ********INFOSYS***
>

Reply | Threaded
Open this post in threaded view
|

RE: Securing solr index

Davis, Daniel (NIH/NLM) [C]
That's a good point - if he's talking about securing the Solr filesystem, he can use standard mechanisms.

You can also go beyond user/group/other permissions if your filesystem supports it.   You can use Posix ACLs on many local linux filesystems.

-----Original Message-----
From: Per Steffensen [mailto:[hidden email]]
Sent: Tuesday, April 14, 2015 8:04 AM
To: [hidden email]
Subject: Re: Securing solr index

Hi

I might misunderstand you, but if you are talking about securing the actual files/folders of the index, I do not think this is a Solr/Lucene concern. Use standard mechanisms of your OS. E.g. on linux/unix use chown, chgrp, chmod, sudo, apparmor etc - e.g. allowing only root to write the folders/files and sudo the user running Solr/Lucene to operate as root in this area. Even admins should not (normally) operate as root
- that way they cannot write the files either. No one knows the root-password - except maybe for the super-super-admin, or you split the root-password in two and two admins know a part each, so that they have to both agree in order to operate as root. Be creative yourself.

Regards, Per Steffensen

On 13/04/15 12:13, Suresh Vanasekaran wrote:

> Hi,
>
> We are having the solr index maintained in a central server and multiple users might be able to access the index data.
>
> May I know what are best practice for securing the solr index folder where ideally only application user should be able to access. Even an admin user should not be able to copy the data and use it in another schema.
>
> Thanks
>
>
>
> **************** CAUTION - Disclaimer ***************** This e-mail
> contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for
> the use of the addressee(s). If you are not the intended recipient,
> please notify the sender by e-mail and delete the original message.
> Further, you are not to copy, disclose, or distribute this e-mail or
> its contents to any other person and any such actions are unlawful.
> This e-mail may contain viruses. Infosys has taken every reasonable
> precaution to minimize this risk, but is not liable for any damage you
> may sustain as a result of any virus in this e-mail. You should carry
> out your own virus checks before opening the e-mail or attachment.
> Infosys reserves the right to monitor and review the content of all
> messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system.
> ***INFOSYS******** End of Disclaimer ********INFOSYS***
>

Reply | Threaded
Open this post in threaded view
|

Re: Securing solr index

Per Steffensen
In reply to this post by Per Steffensen
That said, it might be nice with a wiki-page (or something) explaining
how it can be done, including maybe concrete cases about exactly how it
has been done on different installations around the world using Solr

On 14/04/15 14:03, Per Steffensen wrote:

> Hi
>
> I might misunderstand you, but if you are talking about securing the
> actual files/folders of the index, I do not think this is a
> Solr/Lucene concern. Use standard mechanisms of your OS. E.g. on
> linux/unix use chown, chgrp, chmod, sudo, apparmor etc - e.g. allowing
> only root to write the folders/files and sudo the user running
> Solr/Lucene to operate as root in this area. Even admins should not
> (normally) operate as root - that way they cannot write the files
> either. No one knows the root-password - except maybe for the
> super-super-admin, or you split the root-password in two and two
> admins know a part each, so that they have to both agree in order to
> operate as root. Be creative yourself.
>
> Regards, Per Steffensen
>
> On 13/04/15 12:13, Suresh Vanasekaran wrote:
>> Hi,
>>
>> We are having the solr index maintained in a central server and
>> multiple users might be able to access the index data.
>>
>> May I know what are best practice for securing the solr index folder
>> where ideally only application user should be able to access. Even an
>> admin user should not be able to copy the data and use it in another
>> schema.
>>
>> Thanks
>>
>>
>>
>> **************** CAUTION - Disclaimer *****************
>> This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended
>> solely
>> for the use of the addressee(s). If you are not the intended
>> recipient, please
>> notify the sender by e-mail and delete the original message. Further,
>> you are not
>> to copy, disclose, or distribute this e-mail or its contents to any
>> other person and
>> any such actions are unlawful. This e-mail may contain viruses.
>> Infosys has taken
>> every reasonable precaution to minimize this risk, but is not liable
>> for any damage
>> you may sustain as a result of any virus in this e-mail. You should
>> carry out your
>> own virus checks before opening the e-mail or attachment. Infosys
>> reserves the
>> right to monitor and review the content of all messages sent to or
>> from this e-mail
>> address. Messages sent to or from this e-mail address may be stored
>> on the
>> Infosys e-mail system.
>> ***INFOSYS******** End of Disclaimer ********INFOSYS***
>>
>
>