janhoy commented on a change in pull request #372:
URL: https://github.com/apache/solr/pull/372#discussion_r743840541



##########
File path: solr/core/src/java/org/apache/solr/handler/PingRequestHandler.java
##########
@@ -133,6 +134,12 @@
   private static final Logger log = 
LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
 
   public static final String HEALTHCHECK_FILE_PARAM = "healthcheckFile";
+
+  @Override
+  public Name getPermissionName(AuthorizationContext request) {
+    return Name.HEALTH_PERM;

Review comment:
       ![Skjermbilde 2021-11-05 kl  18 07 
25](https://user-images.githubusercontent.com/409128/140550515-69de8b27-c54d-4a25-85cb-ac31531920cf.png)
   From the javadoc of PingRequestHandler... This is a write operation, so 
perhaps `action=enable` and `action=disable` should be guarded by 
`config-edit`? Else, it can be used as an attack to disconnect all solr nodes 
from a Load Balancer :) 




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to