Atri Sharma created SOLR-14720: ---------------------------------- Summary: Validate Sanctity of Request Type Key: SOLR-14720 URL: https://issues.apache.org/jira/browse/SOLR-14720 Project: Solr Issue Type: Improvement Security Level: Public (Default Security Level. Issues are Public) Reporter: Atri Sharma
https://issues.apache.org/jira/browse/SOLR-13528 introduces a mechanism to identify between internal (server) and external (client) requests. Currently, this mechanism works on populating a relevant field in the request's headers. However, a rogue client can impersonate or fabricate a server request. This Jira tracks effort to validate that a client request's context is set correctly. We look to tap into the authentication loop to piggy back on the information provided there. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org