Usama Tahir

Reputation: 65

basic authentication with REST in Solr 6.6.1

I have deployed Apache Solr 6.6.1 with basic authentication by following their reference guide. At the end they have discussed how to use curl with security. For my case, I am using the REST API to query Solr. Due to basic authentication I am using this query: https://user:pswd@serverhost/solr/... In this way my user & password will be exposed. I want to know the safest method to use basic authentication with the REST API that will not be exposed to the external world.

Upvotes: 2

Views: 3541

Answers (1)

Alessandro Hoss

Reputation: 395

As you can see here:

The use of these URLs is deprecated. In Chrome, the username:password@ part in URLs is even stripped out for security reasons. In Firefox, it is checked if the site actually requires authentication and if not, Firefox will warn the user with a prompt "You are about to log in to the site “www.example.com” with the username “username”, but the website does not require authentication. This may be an attempt to trick you.".

You don't need to expose it in your URL; you should add an "Authorization" header to your request. The value will have "username:password" encoded in Base64, which is not safe, but since you're using https, it will be protected.

The full value of the header will be something like "Basic dXNlcm5hbWU6cGFzc3dvcmQ=". It's formed by the type of authentication ("Basic") plus a whitespace plus the value of "username:password" encoded in Base64.

Upvotes: 1
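The header construction described in the answer, as an added example that is not part of the original post or of Solr's own code. It moves `user:pass@` out of a URL into an `Authorization` header and refuses any scheme other than https; the host `solr.example.com`, the collection `demo` and the function names are assumptions made for illustration.

```python
import base64
import urllib.request
from urllib.parse import urlsplit, urlunsplit, unquote


def basic_auth_header(username, password):
    """Return the header value: 'Basic ' + base64('username:password')."""
    if ":" in username:
        raise ValueError("username must not contain ':' (RFC 7617)")
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def split_credentials(url):
    """Move user:pass@ out of a URL; return (clean_url, headers)."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        # Base64 is an encoding, not encryption: only TLS protects the header.
        raise ValueError("refusing to send Basic credentials over " + parts.scheme)
    headers = {}
    if parts.username is not None:
        headers["Authorization"] = basic_auth_header(
            unquote(parts.username), unquote(parts.password or ""))
    host = parts.hostname or ""
    if ":" in host:  # IPv6 literal: urlsplit strips the brackets
        host = f"[{host}]"
    if parts.port:
        host = f"{host}:{parts.port}"
    clean = urlunsplit((parts.scheme, host, parts.path, parts.query, parts.fragment))
    return clean, headers


def build_request(url):
    """Build a urllib Request with credentials in the header, not the URL."""
    clean, headers = split_credentials(url)
    return urllib.request.Request(clean, headers=headers)


if __name__ == "__main__":
    # Constructed sample URL; host, collection and credentials are placeholders.
    req = build_request(
        "https://username:password@solr.example.com:8983/solr/demo/select?q=*:*")
    print(req.full_url)                     # URL without the userinfo part
    print(req.get_header("Authorization"))  # Basic dXNlcm5hbWU6cGFzc3dvcmQ=
```

In a real client, pass the username and password to `basic_auth_header` from an environment variable or secret store rather than from a URL string, so they never reach logs or shell history.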
