Secure SOLR connection (auth)
|Priority:||Won't have this time||Due date:|
|TYPO3 Version:||Has patch:|
If a central solr server is used by multiple query services there should be a way to secure the connection.
Since SOLR Webservice is based on http one sould use http features:
1) http based authentification (configured in tomcat)
2) new configuration for tx_solr http_user / http_password
(+ check https connection works?)
Updated by Ingo Renner over 3 years ago
- Status changed from New to Accepted
Agreed, we could use tx_solr_Service to override the specific methods in Apache_Solr_Service that make the request. tx_solr_Service should use the methods provided by t3lib_div, making use of curl.
Updated by Olivier Dobberkau over 3 years ago
Another option could be running SOLR behind a Proxy with SSL and mod_auth. You basically do not want to configure that stuff on the Tomcat...
We are also evaluating a HMAC or OAuth for this kind of Stuff.