[
https://issues.apache.org/jira/browse/SOLR-14014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16989906#comment-16989906
]
Christine Poerschke commented on SOLR-14014:
--------------------------------------------
{quote}... Don't feel strongly about the name. ... I don't feel strongly about
whether the UI is enabled/disabled by default. ...
{quote}
Both {{-DenableAdminUI=...}} and {{-DdisableAdminUI=...}} names seem clear to
me:
* If the name was {{enableAdminUI}} then I would expect a Solr instance (that
supports the flag) to have the admin UI disabled if started without the flag
i.e. an explicit {{-DenableAdminUI=true}} would seem necessary to turn the
admin UI on.
* If the name was {{disableAdminUI}} then I would expect a Solr instance (that
supports the flag) to have the admin UI enabled if started without the flag
i.e. an explicit {{-DdisableAdminUI=true}} would seem necessary to turn the
admin UI off.
Such expectations are a bit subjective though of course.
Given that existing Solr instance behaviour is to have the admin UI enabled by
default I'd have a small preference for an opt-out style flag name like
{{disableAdminUI}} or {{withoutAdminUI}} over an opt-in flag name like
{{enableAdminUI}} or {{withAdminUI}}.
> Allow Solr to start with Admin UI disabled
> ------------------------------------------
>
> Key: SOLR-14014
> URL: https://issues.apache.org/jira/browse/SOLR-14014
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Admin UI, security
> Affects Versions: master (9.0), 8.3.1
> Reporter: Jason Gerlowski
> Priority: Major
>
> Currently Solr always runs the Admin UI. With the history of XSS issues and
> other security concerns that have been found in the Admin UI, Solr should
> offer a mode where the Admin UI is disabled. Maybe, and this is a topic
> that'll need some serious discussion, this should even be the default when
> Solr starts.
> NOTE: Disabling the Admin UI removes XSS and other attack vectors. But even
> with the Admin UI disabled, Solr will still be inherently unsafe without
> firewall protection on a public network.
> *Proposed design:*
> A java system property called *headless* will be used as an internal flag for
> starting Solr in headless mode. This property will default to true. A java
> property can be used at startup to set this flag to false.
> Here is an example:
> {code:java}
> bin/solr start -Dheadless=false {code}
> A message will be added following startup describing the mode.
> In headless mode the following message will be displayed:
> "solr is running in headless mode. The admin console is unavailable. To to
> turn off headless mode and allow the admin console use the following
> parameter startup parameter:
> -Dheadless=false
>
> In non-headless mode the following message will be displayed:
> "solr is running with headless mode turned off. The admin console is
> available in this mode. Disabling the Admin UI removes XSS and other attack
> vectors"
> If a user attempts to access the admin console while Solr is in headless mode
> it Solr will return 401 unauthorized.
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
