[ https://issues.apache.org/jira/browse/SOLR-7896?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Erick Erickson resolved SOLR-7896. ---------------------------------- Resolution: Not A Problem Please bring this kind of thing up on the user's list rather than raise JIRAs to be sure you're not simply misunderstanding things. If it's a real problem in Solr, _then_ raise a JIRA. Solr has _never_ been intended to allow end-user access and thus has never implemented this kind of security. You allow me to get to the Solr URL directly and I can http://machine:port/solr/collection/update?commit=true&stream.body=<delete><query>*:*</query></delete> All your docs are gone. > Solr Administrative Interface Lacks Password Protection > ------------------------------------------------------- > > Key: SOLR-7896 > URL: https://issues.apache.org/jira/browse/SOLR-7896 > Project: Solr > Issue Type: Bug > Components: security, web gui > Affects Versions: 5.2.1 > Reporter: Aaron Greenspan > Priority: Critical > > Out of the box, the Solr interface should require an administrative password > that the user is required to set. Apparently there are ways of configuring > Jetty to do this with HTTP AUTH or whatever. I'm a moderately experienced > Linux admin and a programmer; I've tried, numerous times, and I've not once > been able to get it to work. The point is this, though: > *No one should have to try to get their Solr instance to support password > authentication and preferably SSL (even if it's just with a self-signed > certificate). Solr is designed to store huge amounts of data and is therefore > a likely target for malicious users.* > This needs to be addressed! It's 2015 and Solr is on version 5! -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org