Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id DBE94200CAE for ; Wed, 21 Jun 2017 11:21:04 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id DA7BE160BE2; Wed, 21 Jun 2017 09:21:04 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 2B00B160BD0 for ; Wed, 21 Jun 2017 11:21:04 +0200 (CEST) Received: (qmail 486 invoked by uid 500); 21 Jun 2017 09:21:03 -0000 Mailing-List: contact dev-help@lucene.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@lucene.apache.org Delivered-To: mailing list dev@lucene.apache.org Received: (qmail 470 invoked by uid 99); 21 Jun 2017 09:21:02 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 21 Jun 2017 09:21:02 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 20653C1A4D for ; Wed, 21 Jun 2017 09:21:02 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -100.011 X-Spam-Level: X-Spam-Status: No, score=-100.011 tagged_above=-999 required=6.31 tests=[SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id m0vrYql5n_dU for ; Wed, 21 Jun 2017 09:21:01 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 49F9C5FC99 for ; Wed, 21 Jun 2017 09:21:01 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id B13E2E0D6A for ; Wed, 21 Jun 2017 09:21:00 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 1826A21946 for ; Wed, 21 Jun 2017 09:21:00 +0000 (UTC) Date: Wed, 21 Jun 2017 09:21:00 +0000 (UTC) From: "Mano Kovacs (JIRA)" To: dev@lucene.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (SOLR-10307) Provide SSL/TLS keystore password a more secure way MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Wed, 21 Jun 2017 09:21:05 -0000 [ https://issues.apache.org/jira/browse/SOLR-10307?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mano Kovacs updated SOLR-10307: ------------------------------- Attachment: SOLR-10307.2.patch Attaching fix patch. Fix is on {{solr}} by exporting the environment variables. > Provide SSL/TLS keystore password a more secure way > --------------------------------------------------- > > Key: SOLR-10307 > URL: https://issues.apache.org/jira/browse/SOLR-10307 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Components: security > Reporter: Mano Kovacs > Assignee: Mark Miller > Fix For: master (7.0), 6.7 > > Attachments: SOLR-10307.2.patch, SOLR-10307.patch, SOLR-10307.patch, SOLR-10307.patch > > > Currently the only way to pass server and client side SSL keytstore and truststore passwords is to set specific environment variables that will be passed as system properties, through command line parameter. > First option is to pass passwords through environment variables which gives a better level of protection. Second option would be to use hadoop credential provider interface to access credential store. -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org For additional commands, e-mail: dev-help@lucene.apache.org