[jira] [Updated] (SOLR-1523) Destructive Solr operations accept HTTP GET requests

JIRA Mon, 02 Dec 2013 05:17:08 -0800

     [ 
https://issues.apache.org/jira/browse/SOLR-1523?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jan Høydahl updated SOLR-1523:
------------------------------

    Affects Version/s: 4.6
                       3.6.2

> Destructive Solr operations accept HTTP GET requests 
> -----------------------------------------------------
>
>                 Key: SOLR-1523
>                 URL: https://issues.apache.org/jira/browse/SOLR-1523
>             Project: Solr
>          Issue Type: Improvement
>    Affects Versions: 1.4, 3.6.2, 4.6
>            Reporter: Lance Norskog
>
> GET v.s. POST/PUT/DELETE
> The multicore implementation allows HTTP GET requests to perform system 
> administration commands. This means that an URL which alters the system can 
> be bookmarked/e-mailed/etc. This is dangerous in a production system.
> A clean implementation should give every request handler the ability to 
> accept some HTTP verbs and reject others. It could be just a boolean for 
> whether it accepts a GET, or the interface might actually have a list of 
> verbs it accepts. 



--
This message was sent by Atlassian JIRA
(v6.1#6144)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org
For additional commands, e-mail: dev-h...@lucene.apache.org

[jira] [Updated] (SOLR-1523) Destructive Solr operations accept HTTP GET requests

Reply via email to