1.4 Replication
Does replication in 1.4 support passing credentials/basic auth? If not what is the best option to protect replication?
Re: 1.4 Replication
On Wed, 2009-05-27 at 19:06 +0530, Noble Paul നോബിള് नोब्ळ् wrote: > On Wed, May 27, 2009 at 6:48 PM, Matthew Gregg > wrote: > > Does replication in 1.4 support passing credentials/basic auth? If not > > what is the best option to protect replication? > do you mean protecting the url /replication ? Yes I would like to put /replication behind basic auth, which I can do, but replication fails. I naively tried the obvious http://user:p...@host/replication, but that fails. > > ideally Solr is expected to run in an unprotected environment. if you > wish to introduce some security it has to be built by you. > > > > I guess you meant Solr is expected to run in a "protected" environment? It's pretty easy to put up a basic auth in front of Solr, but the replication infra. in 1.4 doesn't seem to support it. Or does it, and I just don't know how? -- Matthew Gregg
Re: 1.4 Replication
I would like the to protect both reads and writes. Reads could have a significant impact. I guess the answer is no, replication has no built in security? On Wed, 2009-05-27 at 20:11 +0530, Noble Paul നോബിള് नोब्ळ् wrote: > The question is what all do you wish to protect. > There are 'read' as well as 'write' attributes . > > The reads are the ones which will not cause any harm other than > consuming some cpu cycles. > > The writes are the ones which can change the state of the system. > > The slave uses the 'read' API's which i feel may not need to be protected > > The other API's methods can have security . say dnappull, diableSnapPoll etc > > > > On Wed, May 27, 2009 at 7:47 PM, Matthew Gregg > wrote: > > On Wed, 2009-05-27 at 19:06 +0530, Noble Paul നോബിള് नोब्ळ् wrote: > >> On Wed, May 27, 2009 at 6:48 PM, Matthew Gregg > >> wrote: > >> > Does replication in 1.4 support passing credentials/basic auth? If not > >> > what is the best option to protect replication? > >> do you mean protecting the url /replication ? > > Yes I would like to put /replication behind basic auth, which I can do, > > but replication fails. I naively tried the obvious > > http://user:p...@host/replication, but that fails. > > > >> > >> ideally Solr is expected to run in an unprotected environment. if you > >> wish to introduce some security it has to be built by you. > >> > > >> > > > I guess you meant Solr is expected to run in a "protected" environment? > > It's pretty easy to put up a basic auth in front of Solr, but the > > replication infra. in 1.4 doesn't seem to support it. Or does it, and I > > just don't know how? > > > > -- > > Matthew Gregg > > > > > > > -- Matthew Gregg
Re: 1.4 Replication
That is disappointing then. Restricting by IP may be doable, but much more work than basic auth. On Wed, 2009-05-27 at 20:41 +0530, Noble Paul നോബിള് नोब्ळ् wrote: > replication has no builtin security > > > > On Wed, May 27, 2009 at 8:37 PM, Matthew Gregg > wrote: > > I would like the to protect both reads and writes. Reads could have a > > significant impact. I guess the answer is no, replication has no built > > in security? > > > > On Wed, 2009-05-27 at 20:11 +0530, Noble Paul നോബിള് नोब्ळ् wrote: > >> The question is what all do you wish to protect. > >> There are 'read' as well as 'write' attributes . > >> > >> The reads are the ones which will not cause any harm other than > >> consuming some cpu cycles. > >> > >> The writes are the ones which can change the state of the system. > >> > >> The slave uses the 'read' API's which i feel may not need to be protected > >> > >> The other API's methods can have security . say dnappull, diableSnapPoll > >> etc > >> > >> > >> > >> On Wed, May 27, 2009 at 7:47 PM, Matthew Gregg > >> wrote: > >> > On Wed, 2009-05-27 at 19:06 +0530, Noble Paul നോബിള് नोब्ळ् wrote: > >> >> On Wed, May 27, 2009 at 6:48 PM, Matthew Gregg > >> >> wrote: > >> >> > Does replication in 1.4 support passing credentials/basic auth? If > >> >> > not > >> >> > what is the best option to protect replication? > >> >> do you mean protecting the url /replication ? > >> > Yes I would like to put /replication behind basic auth, which I can do, > >> > but replication fails. I naively tried the obvious > >> > http://user:p...@host/replication, but that fails. > >> > > >> >> > >> >> ideally Solr is expected to run in an unprotected environment. if you > >> >> wish to introduce some security it has to be built by you. > >> >> > > >> >> > > >> > I guess you meant Solr is expected to run in a "protected" environment? > >> > It's pretty easy to put up a basic auth in front of Solr, but the > >> > replication infra. in 1.4 doesn't seem to support it. Or does it, and I > >> > just don't know how? > >> > > >> > -- > >> > Matthew Gregg > >> > > >> > > >> > >> > >> > > -- > > Matthew Gregg > > > > > > > -- Matthew Gregg
Re: 1.4 Replication
Bug filed. Thankyou. On Wed, 2009-05-27 at 22:40 +0530, Shalin Shekhar Mangar wrote: > On Wed, May 27, 2009 at 9:01 PM, Matthew Gregg wrote: > > > That is disappointing then. Restricting by IP may be doable, but much > > more work than basic auth. > > > > > The beauty of open source is that this can be changed :) > > Please open an issue, we can have basic http authentication made > configurable. > -- Matthew Gregg
