[
https://issues.apache.org/jira/browse/SOLR-13993?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16988498#comment-16988498
]
Robert Muir commented on SOLR-13993:
------------------------------------
I added an additional "intersection" test now that the read access has been
yanked by SOLR-14015
> sandbox velocity template render
> --------------------------------
>
> Key: SOLR-13993
> URL: https://issues.apache.org/jira/browse/SOLR-13993
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Robert Muir
> Priority: Major
> Attachments: SOLR-13993.patch, SOLR-13993.patch, SOLR-13993.patch,
> SOLR-13993.patch
>
>
> This thing seems dangerous :)
> Making the whole solr secure is a whole nother thing: (see e.g. SOLR-13991
> and we haven't even gotten started). Its pretty difficult to convert whole
> large app to work securely. It is going to take time.
> In the meantime, if we have things that might do something dangerous, and
> security manager is enabled, we can put them into a special little sandbox
> and throw away the key: for example we can intentionally discard permissions
> we don't need so they can't launch stuff, if we really don't trust them, we
> can start filtering what classes classloader will load.
> This isn't that crazy at all to do, e.g. your web browser does similar tricks
> to try to sandbox specific parts that might do something unexpected and cause
> security issue.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
