Ishan Chattopadhyaya created SOLR-13442:
-------------------------------------------
Summary: Safe mode with minimal functionality
Key: SOLR-13442
URL: https://issues.apache.org/jira/browse/SOLR-13442
Project: Solr
Issue Type: Task
Security Level: Public (Default Security Level. Issues are Public)
Reporter: Ishan Chattopadhyaya
With lots and lots of out-of-the-box features comes the possibility of security
vulnerabilities. A managed / hosted Solr cluster should have only minimal
functionality turned on.
Through this issue, I plan to explore the possibility of starting up Solr such
that just basic cloud-based indexing and querying works (under basic auth), and
fancy stuff like the following is turned off (maybe by a startup parameter):
# Tika
# DIH
# Funky shards parameter usage (unless specific to implicit routing)
# HDFS
# Streaming expressions
# non-whitelisted function queries (with a whitelist of only a few that are
essential)
# configset upload
# blob store
# etc.
My motivation is to have a public-facing minimal Solr that is bulletproof
secure against external exposure (with the help of basic auth and rule-based
authorization).