[
https://issues.apache.org/jira/browse/SOLR-7125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14326568#comment-14326568
]
Mark Miller commented on SOLR-7125:
-----------------------------------
bq. then it's an existing security hole, which needs fixing, as anybody can
create a CloudSolrClient and pull it's SolrZkClient/ZkStateReader.
Yeah, it's a tricky situation. Part of why securing ZK is so important I
suppose - we should add a bit about that to the ref guide.
My worry is the bank that *does* secure ZK though, not the one that doesn't. If
you have it so that out of the box CloudSolrServer can upload config that can
end up as executable code, that is a dangerous situation.
I suppose this issue highlights something we have to consider rather than
exposes it.
> Allow clients to upload/download configs via CloudSolrClient
> ------------------------------------------------------------
>
> Key: SOLR-7125
> URL: https://issues.apache.org/jira/browse/SOLR-7125
> Project: Solr
> Issue Type: Improvement
> Reporter: Alan Woodward
> Assignee: Alan Woodward
> Priority: Minor
> Fix For: 5.1
>
> Attachments: SOLR-7125.patch
>
>
> Adding new configs to ZK is still something of a pain point. We should add
> some helper methods to CloudSolrClient that make this easier.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
