David Smiley created SOLR-15875: ----------------------------------- Summary: Gate defaults on a "env" for Solr: prod, dev Key: SOLR-15875 URL: https://issues.apache.org/jira/browse/SOLR-15875 Project: Solr Issue Type: Improvement Security Level: Public (Default Security Level. Issues are Public) Reporter: David Smiley
In an effort to increase Solr's security posture, yet also retain convenient ease-of-use defaults, I propose that a Solr node may be started with an environment setting to differentiation production from development; perhaps others. This ought to be a 1st class bin/solr CLI flag. Certain settings that are security sensitive can then gate the default based on being in dev mode or not. Possible examples are enabling the Java SecurityManager, Solr's runtime config APIs, port binding to local-host or not, enable.dih.dataConfigParam. -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org