[ https://issues.apache.org/jira/browse/SOLR-15875?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17464795#comment-17464795 ]
Ishan Chattopadhyaya commented on SOLR-15875: --------------------------------------------- Fyi, there's already a concept of environment in Solr. https://solr.apache.org/guide/8_2/taking-solr-to-production.html#environment-banner-in-admin-ui > Gate defaults on a "env" for Solr: prod, dev > -------------------------------------------- > > Key: SOLR-15875 > URL: https://issues.apache.org/jira/browse/SOLR-15875 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Reporter: David Smiley > Priority: Major > > In an effort to increase Solr's security posture, yet also retain convenient > ease-of-use defaults, I propose that a Solr node may be started with an > environment setting to differentiation production from development; perhaps > others. This ought to be a 1st class bin/solr CLI flag. Certain settings > that are security sensitive can then gate the default based on being in dev > mode or not. Possible examples are enabling the Java SecurityManager, Solr's > runtime config APIs, port binding to local-host or not, > enable.dih.dataConfigParam. -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org