[
https://issues.apache.org/jira/browse/SOLR-13442?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ishan Chattopadhyaya updated SOLR-13442:
----------------------------------------
Description:
With lots and lots of out of the box features come the possibility of security
vulnerabilities. A managed / hosted Solr cluster should have only minimal
functionality turned on.
Through this issue, we'd like to explore the possibility of starting up Solr
such that just basic cloud based indexing and querying works (under basic
auth), and fancy stuff like the following be turned off (maybe by a startup
parameter):
# Tika
# DIH
# Funky shards parameter usage (unless specific to implicit routing)
# HDFS
# Streaming expressions
# non whitelisted function queries (with a whitelist of only few that are
essential)
# configset upload
# blob store
# etc.
The motivation of this work is to have a public facing minimal Solr that is
bullet proof, secure against external exposure (with the help of basic auth and
rule based authorization).
was:
With lots and lots of out of the box features come the possibility of security
vulnerabilities. A managed / hosted Solr cluster should have only minimal
functionality turned on.
Through this issue, I plan to explore the possibility of starting up Solr such
that just basic cloud based indexing and querying works (under basic auth), and
fancy stuff like the following be turned off (maybe by a startup parameter):
# Tika
# DIH
# Funky shards parameter usage (unless specific to implicit routing)
# HDFS
# Streaming expressions
# non whitelisted function queries (with a whitelist of only few that are
essential)
# configset upload
# blob store
# etc.
My motivation is to have a public facing minimal Solr that is bullet proof
secure against external exposure (with the help of basic auth and rule based
authorization).
> Safe mode with minimal functionality
> ------------------------------------
>
> Key: SOLR-13442
> URL: https://issues.apache.org/jira/browse/SOLR-13442
> Project: Solr
> Issue Type: Task
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Ishan Chattopadhyaya
> Priority: Major
>
> With lots and lots of out of the box features come the possibility of
> security vulnerabilities. A managed / hosted Solr cluster should have only
> minimal functionality turned on.
> Through this issue, we'd like to explore the possibility of starting up Solr
> such that just basic cloud based indexing and querying works (under basic
> auth), and fancy stuff like the following be turned off (maybe by a startup
> parameter):
> # Tika
> # DIH
> # Funky shards parameter usage (unless specific to implicit routing)
> # HDFS
> # Streaming expressions
> # non whitelisted function queries (with a whitelist of only few that are
> essential)
> # configset upload
> # blob store
> # etc.
> The motivation of this work is to have a public facing minimal Solr that is
> bullet proof, secure against external exposure (with the help of basic auth
> and rule based authorization).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
