[
https://issues.apache.org/jira/browse/SOLR-14158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17008467#comment-17008467
]
Noble Paul commented on SOLR-14158:
-----------------------------------
I agree with you [~ichattopadhyaya]. Storing keys in ZK makes this feature
vulnerable.
* People do not know how to secure their ZK properly. However, most ops people
know how to secure their file system.
* Any security vulnerability in ZK in the future will result in Solr being
vulnerable as well. At that point, our only choice will be to totally disable
this feature. We cannot make Solr rely on the security of some other system
> package manager to read keys from packagestore and not ZK
> ----------------------------------------------------------
>
> Key: SOLR-14158
> URL: https://issues.apache.org/jira/browse/SOLR-14158
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: packages
> Reporter: Noble Paul
> Assignee: Noble Paul
> Priority: Major
> Labels: packagemanager
>
> The security of the package system relies on securing ZK. It's much easier
> for users to secure the file system than securing ZK.
> We provide an option to read public keys from file store.
> This will
> * Have a special directory called {{_trusted_}} . Direct writes are forbidden
> to that directory over http
> * The CLI directly writes to the keys to
> {{<SOLR_HOME>/filestore/_trusted_/keys/}} directory. Other nodes are asked to
> fetch the public key files from that node
> * Package artifacts will continue to be uploaded over http
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
