search

clarin-eric / VLO

Virtual Language Observatory
GNU General Public License v3.0
14 stars 6 forks source link

Solr authorisation #126

Closed twagoo closed 6 years ago

twagoo commented 6 years ago

Use the authentication and rule based authorisation plugins to (optionally for non-dev?) limit the kinds of operations various clients are permitted to carry out. Most importantly, the VLO web app should only need read access to the VLO index. Should there exist a way of indirectly carrying out a harmful operation via a query or otherwise, this should implement an additional line of defence. The importer would need write/commit rights, but no admin permissions (which allow for triggering various scary operations).

twagoo commented 6 years ago

Slideshow that provides a nice overview of Solr authn/authz.

twagoo commented 6 years ago

Example of security.json content for metata hackathon instance of the VLO:

{
"authentication":{
    "blockUnknown":false,
    "class":"solr.BasicAuthPlugin",
    "credentials":{"solr":"<password hash>"},
    "":{"v":0}
},
"authorization":{
   "class":"solr.RuleBasedAuthorizationPlugin",
   "permissions":[
        {"index": 1, "name":"update","role":"admin"},
        {"index": 2, "name":"config-edit","role":"admin"},
        {"index": 3, "name":"security-read","role":"admin"},
        {"index": 4, "name":"security-edit","role":"admin"},
        {"index": 5, "name":"schema-read","role":"admin"},
        {"index": 6, "name":"schema-edit","role":"admin"},
        {"index": 7, "name":"core-admin-read","role":"admin"},
        {"index": 8, "name":"core-admin-edit","role":"admin"},
        {"index": 9, "name":"collection-admin-read","role":"admin"},
        {"index": 10, "name":"collection-admin-edit","role":"admin"}
   ],
   "user-role":{"solr":"admin"}
}
}

A complete solution should also define a user and group for the importer and assign update permissions.

Note: how to create a password hash

twagoo commented 6 years ago

(Thus protected Solr instance currently running at http://hackathon.cmdi.clarin.eu/solr/)

twagoo commented 6 years ago

Here's another good reason for closing down Solr as much as possible

Apache SOLR: the new target for cryptominers

I suppose even less benign things can be done by exploiting the possibility of retrieving and executing arbitrary scripts...

twagoo commented 6 years ago

Adaptations for Docker: fd0df1acb27a55085699591981ccb4dfa24d2115...18de291b69605537220c6f27b7dae33d5c32c7e2

Now merged into development, closing.

twagoo commented 6 years ago

Adaptations in docker image: gitlab/503ccd3

Adaptations in docker compose setup: gitlab/6e3dda