[ https://issues.apache.org/jira/browse/SOLR-13442?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17269553#comment-17269553 ]
David Eric Pugh commented on SOLR-13442: ---------------------------------------- Another ticket is done, only two left! > Lean Solr with minimal functionality > ------------------------------------ > > Key: SOLR-13442 > URL: https://issues.apache.org/jira/browse/SOLR-13442 > Project: Solr > Issue Type: Task > Reporter: Ishan Chattopadhyaya > Assignee: Ishan Chattopadhyaya > Priority: Major > > With lots and lots of out of the box features come the possibility of > security vulnerabilities. A managed / hosted Solr cluster should have only > minimal functionality turned on. > Through this issue, we'd like to explore the possibility of starting up Solr > such that just basic cloud based indexing and querying works (under basic > auth), and fancy stuff like the following be turned off (maybe by a startup > parameter): > # Tika > # DIH > # Funky shards parameter usage (unless specific to implicit routing) > # HDFS > # Streaming expressions > # non whitelisted function queries (with a whitelist of only few that are > essential) > # configset upload > # blob store > # etc. > The motivation of this work is to have a public facing minimal Solr that is > bullet proof, secure against external exposure (with the help of basic auth > and rule based authorization). -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org For additional commands, e-mail: issues-h...@lucene.apache.org