[
https://issues.apache.org/jira/browse/SOLR-7125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14326553#comment-14326553
]
Mark Miller commented on SOLR-7125:
-----------------------------------
bq. This is only on CloudSolrClient, not over HTTP.
But CloudSolrClient does go over http doesnt it?
bq. If a black hat has access to your zookeeper there's not a lot we can do to
help you
We have security controls for zookeeper now - you can have a CloudSolrClient,
you can have limited Zk perms for a Solr space (read only even for
CloudSolrClient). That's all fine. We can't allow a guy in that situation to be
able to root the Solr instance machine from another machine. That is a large
security hole.
> Allow clients to upload/download configs via CloudSolrClient
> ------------------------------------------------------------
>
> Key: SOLR-7125
> URL: https://issues.apache.org/jira/browse/SOLR-7125
> Project: Solr
> Issue Type: Improvement
> Reporter: Alan Woodward
> Assignee: Alan Woodward
> Priority: Minor
> Fix For: 5.1
>
> Attachments: SOLR-7125.patch
>
>
> Adding new configs to ZK is still something of a pain point. We should add
> some helper methods to CloudSolrClient that make this easier.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
