[ https://issues.apache.org/jira/browse/SOLR-15875?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17466124#comment-17466124 ]
David Eric Pugh commented on SOLR-15875: ---------------------------------------- I've been thinking about this more, and while having some "sane out of the box defaults" for each environment would be nice, the most *critical* issue is to make it VERY easy to change the various defaults to meet your individual needs. The Ruby on Rails project has a great concept of various environments: development, test, production, as well as a set of default "application" properties. It's a well known pattern to configure your app to have the properties for the environment you are deploying in. I'll also point to the Elasticsearch config.yml as a nice way of tweaking/overriding defaults. We currently have a mish mash of environment variables, start up parameters, solr.xml, and various config files. We should figure out a better way of managing our configuration values, and then once we have that, having some sort of defaults is a nice cherry on top of the cake ;-). > Gate defaults on a "env" for Solr: prod, dev > -------------------------------------------- > > Key: SOLR-15875 > URL: https://issues.apache.org/jira/browse/SOLR-15875 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Reporter: David Smiley > Priority: Major > > In an effort to increase Solr's security posture, yet also retain convenient > ease-of-use defaults, I propose that a Solr node may be started with an > environment setting to differentiation production from development; perhaps > others. This ought to be a 1st class bin/solr CLI flag. Certain settings > that are security sensitive can then gate the default based on being in dev > mode or not. Possible examples are enabling the Java SecurityManager, Solr's > runtime config APIs, port binding to local-host or not, > enable.dih.dataConfigParam. -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org