[
https://issues.apache.org/jira/browse/SOLR-13442?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17269553#comment-17269553
]
David Eric Pugh commented on SOLR-13442:
----------------------------------------
Another ticket is done, only two left!
> Lean Solr with minimal functionality
> ------------------------------------
>
> Key: SOLR-13442
> URL: https://issues.apache.org/jira/browse/SOLR-13442
> Project: Solr
> Issue Type: Task
> Reporter: Ishan Chattopadhyaya
> Assignee: Ishan Chattopadhyaya
> Priority: Major
>
> With lots and lots of out of the box features come the possibility of
> security vulnerabilities. A managed / hosted Solr cluster should have only
> minimal functionality turned on.
> Through this issue, we'd like to explore the possibility of starting up Solr
> such that just basic cloud based indexing and querying works (under basic
> auth), and fancy stuff like the following be turned off (maybe by a startup
> parameter):
> # Tika
> # DIH
> # Funky shards parameter usage (unless specific to implicit routing)
> # HDFS
> # Streaming expressions
> # non whitelisted function queries (with a whitelist of only few that are
> essential)
> # configset upload
> # blob store
> # etc.
> The motivation of this work is to have a public facing minimal Solr that is
> bullet proof, secure against external exposure (with the help of basic auth
> and rule based authorization).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
