[ 
https://issues.apache.org/jira/browse/SOLR-11795?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16375460#comment-16375460
 ] 

Uwe Schindler commented on SOLR-11795:
--------------------------------------

Thanks [~koji]. I think here the main problem is not only YAML and this 
library, the issue is that it uses a config file to build an object graph 
solely via reflection. This is all fine if it only affects classes from 
Lucene/Solr, but the reflective code should not start to make stuff accessible 
with setAccessible() anywhere - whenever you do this you counteract Java's 
security and you can be sure that you are doing something wrong. This also 
brings in opportunities for new security issues. I tend to say that because of 
recent security reports, Solr should run inside a security manager also in 
production (like Elasticsearch), to prevent malicious scripts or plugins from 
escaping the Solr sandbox (like we do in tests). I would spend time to do that, 
but external libraries like this one would completely prevent "correct" usage 
of a security manager to accomplish this.

About this module: I am not 100% sure: as this is more or less a completely 
static config file for the reporting, why the hell not build this object graph 
in pure Java code? Or is this intended to be customized by end-users?

> Add Solr metrics exporter for Prometheus
> ----------------------------------------
>
>                 Key: SOLR-11795
>                 URL: https://issues.apache.org/jira/browse/SOLR-11795
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: metrics
>    Affects Versions: 7.2
>            Reporter: Minoru Osuka
>            Assignee: Koji Sekiguchi
>            Priority: Minor
>             Fix For: master (8.0), 7.3
>
>         Attachments: SOLR-11795-2.patch, SOLR-11795-3.patch, 
> SOLR-11795-4.patch, SOLR-11795-5.patch, SOLR-11795-6.patch, 
> SOLR-11795-7.patch, SOLR-11795-8.patch, SOLR-11795-9.patch, 
> SOLR-11795-dev-tools.patch, SOLR-11795.patch, solr-dashboard.png, 
> solr-exporter-diagram.png
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> I'd like to monitor Solr using Prometheus and Grafana.
> I've already created a Solr metrics exporter for Prometheus. I'd like to 
> contribute it to the contrib directory if you don't mind.
> !solr-exporter-diagram.png|thumbnail!
> !solr-dashboard.png|thumbnail!



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
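
The distinction the comment draws, as an added example that is not part of the original message or of the Solr exporter: a config-driven builder that resolves only public constructors and setters through getConstructor()/getMethod() and never calls setAccessible(), so it needs no suppressAccessChecks permission. The Query class, the allow-list and the sample values are hypothetical.

```java
import java.lang.reflect.Method;
import java.util.Map;
import java.util.Set;

public class SafeGraphBuilder {
    // Hypothetical config bean standing in for an exporter config class.
    public static class Query {
        private String path;
        private String secret = "internal";        // deliberately has no public setter
        public void setPath(String p) { path = p; }
        public String getPath() { return path; }
        private void setSecret(String s) { secret = s; }
    }

    // Assumption: the classes a config file may instantiate are known up front.
    static final Set<String> ALLOWED = Set.of(Query.class.getName());

    static Object build(String className, Map<String, String> props) throws Exception {
        if (!ALLOWED.contains(className))
            throw new SecurityException("class not allow-listed: " + className);
        Class<?> c = Class.forName(className);
        Object o = c.getConstructor().newInstance();       // public constructors only
        for (Map.Entry<String, String> e : props.entrySet()) {
            String k = e.getKey();
            String setter = "set" + Character.toUpperCase(k.charAt(0)) + k.substring(1);
            Method m = c.getMethod(setter, String.class);  // public methods only
            m.invoke(o, e.getValue());
        }
        return o;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample config entries.
        Query q = (Query) build(Query.class.getName(), Map.of("path", "/admin/metrics"));
        System.out.println("built Query with path " + q.getPath());
        try {
            build(Query.class.getName(), Map.of("secret", "x"));
        } catch (NoSuchMethodException ex) {
            System.out.println("private setter not reachable: " + ex.getMessage());
        }
        try {
            build("java.lang.ProcessBuilder", Map.of());
        } catch (SecurityException ex) {
            System.out.println(ex.getMessage());
        }
    }
}
```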
