[
https://issues.apache.org/jira/browse/SOLR-14158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17007910#comment-17007910
]
Ishan Chattopadhyaya commented on SOLR-14158:
---------------------------------------------
I think this option should be the default. Also, I think we should remove the
ZK keys option as it is not secure and supporting it (even with a flag) might
lead to confusion for the user.
> package manager to read keys from packagestore and not ZK
> ----------------------------------------------------------
>
> Key: SOLR-14158
> URL: https://issues.apache.org/jira/browse/SOLR-14158
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: packages
> Reporter: Noble Paul
> Assignee: Noble Paul
> Priority: Major
> Labels: packagemanager
>
> The security of the package system relies on securing ZK. It's much easier
> for users to secure the file system than securing ZK.
> We provide an option to read public keys from file store. The default
> behavior will be to read from ZK
> The nodes must be started with {{-Dpkg.keys=filestore}}
> This will
> * disable the remote {{PUT /api/cluster/files}}
> * The CLI will directly write to the keys to
> {{<SOLR_HOME>/filestore/_trusted_keys/}} dir
> * The CLI directly writes the package artifacts to the local solr and ask
> other nodes to fetch from this node. Nobody can upload executable jars over a
> remote call
> * Keys stored in ZK will not be used or trusted. So nobody can attack the
> cluster by publishing a malicious key into Solr
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
