[
https://issues.apache.org/jira/browse/SOLR-14049?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17068844#comment-17068844
]
Jan Høydahl commented on SOLR-14049:
------------------------------------
We already have the option {{-Dsolr.environment=prod|test|dev}} which will add
a red red/yellow/green color to the Admin UI to alert you of what env you are
in. See
https://lucene.apache.org/solr/guide/8_5/taking-solr-to-production.html#environment-banner-in-admin-ui
So if we extended that, using it as a "mode" flag, we could issue a fat warning
in the log or even disable config API for "prod".
Problem is, how to enforce that people need to set that flag in order to use in
production?
One way could be to only allow localhost network interface in dev mode, or to
assume that if your ZK_HOST has >1 ZK listed, then you are definitely in
production or some staging, and then require the prod flag. All of this feels a
bit shaky, and as Robert mentinoned in another issue, people could in fact run
solr on local network interface and still use in production due to some special
setup.
> Disable Config APIs by default
> ------------------------------
>
> Key: SOLR-14049
> URL: https://issues.apache.org/jira/browse/SOLR-14049
> Project: Solr
> Issue Type: Improvement
> Reporter: Ishan Chattopadhyaya
> Priority: Major
>
> Spin off from SOLR-13978. This is not my proposal (I support this only
> conditionally), I'm just opening the JIRA.
> Proposal is to do this by 8.4. Reason is that Config APIs have been used in
> the past to invoke RCE vulnerabilities in some components of Solr.
> The discussion has happened in SOLR-13978. I am willing to do the work once
> we have agreement on this.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
