[ 
https://issues.apache.org/jira/browse/SOLR-5518?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13836706#comment-13836706
 ] 

Uwe Schindler commented on SOLR-5518:
-------------------------------------

bq. I'm not sure if there's a need to remove the "Files" Page completely, since 
browsing the available files would be possible w/o the write-stuff anyway? 
maybe just removing the "modify" functionality but leave the rest "as is"?

I am fine with that! So we should revert SOLR-5287 in branch_4x, remove the 
"Modify /new File" button from admin UI, and all should be fine.

The current code should be committed to trunk only, and we open other issues to 
add "security" to the admin request handlers before providing them to users in 
a stable branch. This is all too half-baked, I don't want to risk Solr's good 
standing by merging this to a stable branch. A "file manager" in Solr is way 
too much for a stable branch, especially if it has no security at all.

> Move editing config files into a new handler
> --------------------------------------------
>
>                 Key: SOLR-5518
>                 URL: https://issues.apache.org/jira/browse/SOLR-5518
>             Project: Solr
>          Issue Type: Improvement
>    Affects Versions: 5.0, 4.7
>            Reporter: Erick Erickson
>            Assignee: Erick Erickson
>            Priority: Blocker
>         Attachments: SOLR-5518.patch, SOLR-5518.patch
>
>
> See SOLR-5287. Uwe Schindler pointed out that writing files the way 5287 does is a 
> security vulnerability and that disabling it should be the norm. Subsequent 
> discussion came up with this idea.
> Writing arbitrary config files should NOT be on by default.
> We'll also incorporate Mark's idea of testing XML files before writing 
> anywhere.


