I am not a security expert, but in my opinion the safest way to run solr "securely" is to forget all about usernames & passwords and instead use SSL with client SSL certificates...
https://cwiki.apache.org/confluence/display/solr/Enabling+SSL : Date: Tue, 4 Nov 2014 12:53:30 +0000 : From: Shay Sofer <[email protected]> : Reply-To: [email protected] : To: "[email protected]" <[email protected]> : Subject: Solr authentication : : Hi, : : I want that my Solr web connection will be protected by username and password. : : When someone try to get to - 1.1.1.1:8983/Solr, he can do it only after login (with known users). : : Is it possible ? : : Thanks, : Shay. : -Hoss http://www.lucidworks.com/
