[ https://issues.apache.org/jira/browse/SOLR-6736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14622708#comment-14622708 ]

Noble Paul commented on SOLR-6736:
----------------------------------

bq.Varun Rajput Agreed, but we can't think about building up a GUI unless we 
agree that putting up arbitrary XML files is allowed

The fact is it is your system and you can put an arbitrary XML or even 
executable file if you wish to. But it should only be allowed to a person who 
has the permissions to do so. Building a GUI first is like putting the cart 
before the horse. We need to first define the workflow involved in adding a 
certain artifact into the system. The questions we need to ask are:

# Is the user allowed to add it?
# How can we avoid/minimize the harm caused by human errors even if you are 
authorized to perform a certain action?
# What are the steps involved in a person gaining those permissions? Is it 
possible to circumvent it?

It may be possible to hack this and gain access. But we do not want Solr to be 
the weakest link in the whole ecosystem. For instance, in this ticket we say 
that the user needs to enable this handler with a system property, which means 
that the hacker will have to gain access to the file system first to put in the 
property there.

> A collections-like request handler to manage solr configurations on zookeeper
> -----------------------------------------------------------------------------
>
>                 Key: SOLR-6736
>                 URL: https://issues.apache.org/jira/browse/SOLR-6736
>             Project: Solr
>          Issue Type: New Feature
>          Components: SolrCloud
>            Reporter: Varun Rajput
>            Assignee: Anshum Gupta
>         Attachments: SOLR-6736.patch, SOLR-6736.patch, SOLR-6736.patch, 
> SOLR-6736.patch, SOLR-6736.patch, SOLR-6736.patch, SOLR-6736.patch, 
> SOLR-6736.patch, newzkconf.zip, test_private.pem, test_pub.der, 
> zkconfighandler.zip, zkconfighandler.zip
>
>
> Managing Solr configuration files on zookeeper becomes cumbersome while using 
> solr in cloud mode, especially while trying out changes in the 
> configurations. 
> It will be great if there is a request handler that can provide an API to 
> manage the configurations similar to the collections handler that would allow 
> actions like uploading new configurations, linking them to a collection, 
> deleting configurations, etc.
> example : 
> {code}
> # Use the following command to upload a new configset called mynewconf. This
> # will fail if there is already a conf called 'mynewconf'. The file could be a
> # jar, zip or a tar file which contains all the files for this conf.
> curl -X POST -H 'Content-Type: application/octet-stream' \
>   --data-binary @testconf.zip \
>   'http://localhost:8983/solr/admin/configs/mynewconf?sig=<the-signature>'
> {code}
> A GET to http://localhost:8983/solr/admin/configs will give a list of configs 
> available
> A GET to http://localhost:8983/solr/admin/configs/mynewconf would give the 
> list of files in mynewconf
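
The checks discussed in this thread (handler off unless a system property is set, a `sig` on the upload, refusal to overwrite an existing configset), sketched as an added example that is not code from the ticket, its patches or Solr. The class name, the property name `example.configs.upload.enabled` and the SHA256withRSA / URL-safe Base64 signature format are assumptions; the ticket text does not specify them.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Added illustration, not Solr code. ENABLE_PROP and the signature format are assumptions.
public class ConfigUploadGate {
    static final String ENABLE_PROP = "example.configs.upload.enabled"; // hypothetical name

    /** Returns null when the upload may proceed, otherwise the reason for refusal. */
    static String check(String name, byte[] body, String sigB64,
                        PublicKey trusted, Set<String> existing) {
        // 1. The handler stays off unless the operator set the property at JVM start.
        if (!Boolean.getBoolean(ENABLE_PROP)) return "handler disabled";
        // 2. Only payloads signed by the trusted key are considered at all.
        if (sigB64 == null) return "missing signature";
        try {
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(trusted);
            v.update(body);
            if (!v.verify(Base64.getUrlDecoder().decode(sigB64))) return "bad signature";
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return "bad signature"; // malformed input counts as a failed check
        }
        // 3. Limit the harm of an authorized mistake: never overwrite a configset.
        if (existing.contains(name)) return "configset already exists";
        return null;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // throwaway key, generated for this demo only
        byte[] body = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(body);
        String sig = Base64.getUrlEncoder().withoutPadding().encodeToString(s.sign());
        Set<String> existing = new HashSet<>(List.of("oldconf")); // constructed state

        System.out.println(check("mynewconf", body, sig, kp.getPublic(), existing));
        System.setProperty(ENABLE_PROP, "true"); // stands in for -D on the command line
        System.out.println(check("mynewconf", body, sig, kp.getPublic(), existing));
        System.out.println(check("oldconf", body, sig, kp.getPublic(), existing));
        body[0] ^= 1; // payload modified after signing
        System.out.println(check("mynewconf", body, sig, kp.getPublic(), existing));
    }
}
```

The signature is verified before the name lookup so that an unsigned request learns nothing about which configsets exist through this path.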



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
