[ https://issues.apache.org/jira/browse/SOLR-13687?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16910896#comment-16910896 ]
Noble Paul commented on SOLR-13687:
-----------------------------------

Ideally, we should minimize access to ZK from hosts outside of solr nodes. It's a security hole. If you have access to ZK, you can edit the {{security.json}} or any other file in zookeeper.

Most of these operations do not need access to ZK. We should make usage of solr as a service that runs over HTTP. If an operation can be performed over HTTP, it should be. People should just be required to know the url of a solr node to use a solr cluster.

> Enable the bin/solr script to accept a solr url to run commands
> ----------------------------------------------------------------
>
> Key: SOLR-13687
> URL: https://issues.apache.org/jira/browse/SOLR-13687
> Project: Solr
> Issue Type: Bug
> Security Level: Public (Default Security Level. Issues are Public)
> Reporter: Noble Paul
> Priority: Major
>
> The problem we have today with our {{bin/solr}} script is that we have to run
> it from one of the nodes where Solr is running. This is a security issue b/c
> only admins are usually allowed to login to a machine where solr is
> running. If you have multiple clusters running in that host we don't know which
> one it's going to use. It is much easier to write a simple script that works
> over a url and the user has no ambiguity as to how it works. You can just
> unpack a solr distribution to your local machine and start using the script
> without bothering to install solr.
>
> The following commands can easily be executed remotely. These commands can
> accept the base url of any solr node in the cluster and perform the operation
> * healthcheck
> * create
> * create_core
> * create_collection
> * delete, version,
> * config
> * autoscaling