[
https://issues.apache.org/jira/browse/SOLR-6807?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14229004#comment-14229004
]
Shawn Heisey commented on SOLR-6807:
------------------------------------
It was my understanding that the reason we went with false by default was to
close a security hole. To be specific, if handleSelect is true, then you can
send a request to the /select handler, include qt=/update as a parameter, and
change the index.
I don't mind having handleSelect as an option, but I think we should keep it
false by default. I won't vote it down if there's consensus to go that way,
though.
> Make handleSelect=true by default
> ---------------------------------
>
> Key: SOLR-6807
> URL: https://issues.apache.org/jira/browse/SOLR-6807
> Project: Solr
> Issue Type: Wish
> Affects Versions: 4.10.2
> Reporter: Alexandre Rafalovitch
> Priority: Minor
> Labels: solrconfig.xml
> Fix For: 5.0
>
>
> In the solrconfig.xml, we have a long explanation on the legacy
> *<requestDispatcher handleSelect="false" >* section. Since we are cleaning up
> legacy stuff for version 5, is it safe now to flip handleSelect to *true* by
> default and therefore remove both the attribute and the whole section
> explaining it.
> Then, a section in Reference Guide or even a blog post can explain what to do
> for the old clients that still need it. But it does not seem to be needed
> anymore for the new users. And possibly cause confusing now that we have
> implicit, explicit and overlay handlers.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
