[
https://issues.apache.org/jira/browse/SOLR-14018?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexandre Rafalovitch resolved SOLR-14018.
------------------------------------------
Resolution: Won't Fix
No longer needed. Velocity is going into a plugin, so users will be installing
it explicitly.
> sandbox velocity into oblivion
> ------------------------------
>
> Key: SOLR-14018
> URL: https://issues.apache.org/jira/browse/SOLR-14018
> Project: Solr
> Issue Type: Improvement
> Reporter: Robert Muir
> Priority: Major
>
> followup to SOLR-19993.
> The thing has too many read permissions now. it is due to my hacky first stab
> at the thing. instead of wrapping the whole block of code in a sandbox, we
> should go a little deeper, there are two things:
> * Script "engine" (with all the shit needed to compile and run the script)
> * Script compiled code (stuff from the luser that we definitely do not trust)
> If we can split the permissions into these two, then the second one has no
> permissions and can't mess around as much.
> It just takes wrestling, tests, and time.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
