Jan Høydahl created SOLR-10648:
----------------------------------
Summary: Do not expose STOP.PORT and STOP.KEY in sysProps
Key: SOLR-10648
URL: https://issues.apache.org/jira/browse/SOLR-10648
Project: Solr
Issue Type: Improvement
Security Level: Public (Default Security Level. Issues are Public)
Components: scripts and tools
Reporter: Jan Høydahl
Currently anyone with HTTP access to Solr can see the Admin UI and all the
system properties. In there you find
{noformat}
-DSTOP.KEY=solrrocks
-DSTOP.PORT=7983
{noformat}
This means that anyone with this info can shut down Solr by hitting that port
with the key (if it is not firewalled).
I think the simple solution is to add STOP.PORT and STOP.KEY from
{{$SOLR_START_OPTS}} to the {{$SOLR_JETTY_CONFIG[@]}} variable. It will still
be visible on the cmdline but not over HTTP.
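An added example, not part of the original issue or of Solr's own code: a check a defender could run over a saved JSON response from a Solr instance to see whether STOP.KEY or STOP.PORT appear, either as a property name or as a -D argument string. The sample responses and their field layout are constructed for illustration, and the function walks any JSON shape rather than relying on one.

```python
import json
import re

# Property names the issue identifies as sensitive.
SENSITIVE = ("STOP.KEY", "STOP.PORT")
ARG_RE = re.compile(r"^-D([^=]+)=")


def find_exposed(node, path="$"):
    """Return (location, property) for each sensitive property found in
    decoded JSON, as a map key or a -Dname=value string. Values are
    deliberately left out of the result so the report can be shared."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path} > {key}"
            if key in SENSITIVE:
                hits.append((child, key))
            hits.extend(find_exposed(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_exposed(item, f"{path}[{i}]"))
    elif isinstance(node, str):
        m = ARG_RE.match(node)
        if m and m.group(1) in SENSITIVE:
            hits.append((path, m.group(1)))
    return hits


# Constructed samples (field layout is an assumption, not captured output).
SAMPLE_BEFORE = json.loads("""
{"jvm": {"jmx": {"commandLineArgs":
    ["-Xms512m", "-DSTOP.PORT=7983", "-DSTOP.KEY=solrrocks"]}},
 "system.properties": {"STOP.KEY": "solrrocks", "STOP.PORT": "7983",
                       "jetty.port": "8983"}}
""")
SAMPLE_AFTER = json.loads("""
{"jvm": {"jmx": {"commandLineArgs": ["-Xms512m"]}},
 "system.properties": {"jetty.port": "8983"}}
""")

if __name__ == "__main__":
    for label, doc in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        found = find_exposed(doc)
        print(label, "exposed" if found else "clean")
        for location, prop in found:
            print(f"  {prop} at {location}")
```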