[ 
https://issues.apache.org/jira/browse/SOLR-14147?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17428887#comment-17428887
 ] 

Robert Muir commented on SOLR-14147:
------------------------------------

Sure, it's a good idea. It still works and it's the best current way to protect 
against several classes of vulnerabilities.

E.g. if there's something in Solr exposing a directory traversal vulnerability, 
it is better to have a SecurityException in the logs than private files 
exposed over the network.

In the future, since SecurityManager may become neutered over time, removed, 
etc., it would be good to look at alternatives. For that specific example, a 
systemd service file could prevent the same thing (allow Solr access only to 
the filesystem parts it needs).

> enable security manager by default
> ----------------------------------
>
>                 Key: SOLR-14147
>                 URL: https://issues.apache.org/jira/browse/SOLR-14147
>             Project: Solr
>          Issue Type: Improvement
>            Reporter: Robert Muir
>            Priority: Major
>             Fix For: main (9.0)
>
>          Time Spent: 6h 20m
>  Remaining Estimate: 0h
>
> For 9.0, set SOLR_SECURITY_MANAGER_ENABLED=true by default. Remove the step 
> from securing solr page as it will be done by default (defaults become safe). 
> Users can disable if they are running hadoop or doing other crazy stuff.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
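
The systemd alternative mentioned in the comment above, sketched as an added example; it is not part of the original message and not a unit file shipped by the Solr project. The unit name `solr.service`, the drop-in path and the directory `/var/solr` are assumptions to adapt to the actual install.

```ini
# Hypothetical drop-in: /etc/systemd/system/solr.service.d/hardening.conf
# (unit name and all paths below are assumptions, not taken from the Solr project)
[Service]
# Mount the entire file system hierarchy read-only for this service.
ProtectSystem=strict
# Re-open only the directory Solr has to write to (indexes, logs); assumed path.
ReadWritePaths=/var/solr
# Make /home, /root and /run/user inaccessible, so a traversal bug cannot read them.
ProtectHome=true
# Give the service its own /tmp and /var/tmp instead of the shared ones.
PrivateTmp=true
# Hide further locations the service never needs; the leading "-" ignores missing paths.
InaccessiblePaths=-/srv -/mnt -/media
# Block privilege gain through setuid/setgid binaries.
NoNewPrivileges=true
```

After `systemctl daemon-reload` and a restart of the service, `systemd-analyze security solr.service` lists which sandboxing directives are in effect for the unit.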
