[ 
https://issues.apache.org/jira/browse/SOLR-6736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15881915#comment-15881915
 ] 

Ishan Chattopadhyaya commented on SOLR-6736:
--------------------------------------------

This seems like a sound approach in theory, but oftentimes users don't follow 
proper procedures for deployment and end up exposing their deployments without 
proper authentication/authorization. This extra security is to save such users 
from potential remote code execution based attacks. Our guidelines should, 
anyway, be for admins to enable security before going to production.

Having this feature disabled out of the box was the other alternative that was 
explored above (to protect users who might end up exposing their cluster 
without securing it first), but I think it is inconvenient and can (and should) 
be avoided.

> A collections-like request handler to manage solr configurations on zookeeper
> -----------------------------------------------------------------------------
>
>                 Key: SOLR-6736
>                 URL: https://issues.apache.org/jira/browse/SOLR-6736
>             Project: Solr
>          Issue Type: New Feature
>          Components: SolrCloud
>            Reporter: Varun Rajput
>            Assignee: Ishan Chattopadhyaya
>         Attachments: newzkconf.zip, SOLR-6736-newapi.patch, 
> SOLR-6736-newapi.patch, SOLR-6736-newapi.patch, SOLR-6736.patch, 
> SOLR-6736.patch, SOLR-6736.patch, SOLR-6736.patch, SOLR-6736.patch, 
> SOLR-6736.patch, SOLR-6736.patch, SOLR-6736.patch, test_private.pem, 
> test_pub.der, zkconfighandler.zip, zkconfighandler.zip
>
>
> Managing Solr configuration files on ZooKeeper becomes cumbersome while using 
> Solr in cloud mode, especially while trying out changes in the 
> configurations. 
> It will be great if there is a request handler that can provide an API to 
> manage the configurations similar to the collections handler that would allow 
> actions like uploading new configurations, linking them to a collection, 
> deleting configurations, etc.
> Example:
> {code}
> # Use the following command to upload a new configset called mynewconf. This
> # will fail if there is already a conf called 'mynewconf'. The file could be a
> # jar, zip or a tar file which contains all the files for this conf.
> curl -X POST -H 'Content-Type: application/octet-stream' \
>   --data-binary @testconf.zip \
>   'http://localhost:8983/solr/admin/configs/mynewconf?sig=<the-signature>'
> {code}
> A GET to http://localhost:8983/solr/admin/configs will give a list of configs 
> available.
> A GET to http://localhost:8983/solr/admin/configs/mynewconf would give the 
> list of files in mynewconf.


