[
https://issues.apache.org/jira/browse/SOLR-13985?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16989630#comment-16989630
]
Jan Høydahl commented on SOLR-13985:
------------------------------------
[~uschindler] You almost had a patch ready to replace Jetty's start.jar with a
solr.jar which moves all jetty xml configs into our own Java class instead. Is
this a good time to pick it up again, would think that it would give us full
control of what to bind to as well? I don't think it is as risky as it sounds
like. We just do the Jetty init and servlet wirings from code instead of from
xml. We already to this for our tests.
> bind to localhost by default
> ----------------------------
>
> Key: SOLR-13985
> URL: https://issues.apache.org/jira/browse/SOLR-13985
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Robert Muir
> Priority: Major
> Attachments: SOLR-13985.patch
>
>
> Currently solr binds to all interfaces by default.
> The default should be safer, so that e.g. the user is not exposed to the
> internet until they make an explicit step to do so.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
