[
https://issues.apache.org/jira/browse/SOLR-7125?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14327438#comment-14327438
]
Mark Miller commented on SOLR-7125:
-----------------------------------
Great to have a new test!
I'm sure it will work - my main concern is the team securing things for shared
use. Say they have employees with different levels of access, they turn on ZK
security, they see they can upload config with CloudSolrServer or whatever and
so they allow the config node to be written to, what's the harm, the client can
only edit and upload config, and now they have opened up a remote exploit hole.
Unfortunately, until we close that hole, I think the best we can do is doc the
problem a lot in the ref guide.
> Allow clients to upload/download configs via CloudSolrClient
> ------------------------------------------------------------
>
> Key: SOLR-7125
> URL: https://issues.apache.org/jira/browse/SOLR-7125
> Project: Solr
> Issue Type: Improvement
> Reporter: Alan Woodward
> Assignee: Alan Woodward
> Priority: Minor
> Fix For: 5.1
>
> Attachments: SOLR-7125.patch, SOLR-7125.patch
>
>
> Adding new configs to ZK is still something of a pain point. We should add
> some helper methods to CloudSolrClient that make this easier.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org
