[
https://issues.apache.org/jira/browse/SOLR-10648?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16637916#comment-16637916
]
Jan Høydahl commented on SOLR-10648:
------------------------------------
Also, the install script could by default generate a random {{STOP.KEY}} and
put that in {{solr.in.sh}}, so that prod setups do not share the default
{{solrrocks}} key.
{quote}These two mechanisms should at least be made aware of each other, eg.
the metrics could both filter out "hidden" sysprops, as well as redact those in
listed in {{RedactionUtils}}.
{quote}
This is perhaps for another Jira issue, but should not the solr.xml
configurable list be owned by RedactionUtils and not Metrics module? Then the
metrics code can talk to RedactionUtils?
> Do not expose STOP.PORT and STOP.KEY in sysProps
> ------------------------------------------------
>
> Key: SOLR-10648
> URL: https://issues.apache.org/jira/browse/SOLR-10648
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: scripts and tools
> Reporter: Jan Høydahl
> Priority: Major
> Labels: security
>
> Currently anyone with HTTP access to Solr can see the Admin UI and all the
> system properties. In there you find
> {noformat}
> -DSTOP.KEY=solrrocks
> -DSTOP.PORT=7983
> {noformat}
> This means that anyone with this info can shut down Solr by hitting that port
> with the key (if it is not firewalled).
> I think the simple solution is to add STOP.PORT and STOP.KEY from
> {{$SOLR_START_OPTS}} to the {{$SOLR_JETTY_CONFIG[@]}} variable. It will still
> be visible on the cmdline but not over HTTP.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
