[jira] [Commented] (SOLR-15875) Gate defaults on a "env" for Solr: prod, dev

Tue, 28 Dec 2021 06:19:06 -0800 


    [ 
https://issues.apache.org/jira/browse/SOLR-15875?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17466124#comment-17466124
 ] 

David Eric Pugh commented on SOLR-15875:
----------------------------------------

I've been thinking about this more, and while having some "sane out of the box 
defaults" for each environment would be nice, the most *critical* issue is to 
make it VERY easy to change the various defaults to meet your individual needs. 
  The Ruby on Rails project has a great concept of various environments: 
development, test, production, as well as a set of default "application" 
properties.   It's a well known pattern to configure your app to have the 
properties for the environment you are deploying in.   
I'll also point to the Elasticsearch config.yml as a nice way of 
tweaking/overriding defaults.    We currently have a mish mash of environment 
variables, start up parameters, solr.xml, and various config files.  We should 
figure out a better way of managing our configuration values, and then once we 
have that, having some sort of defaults is a nice cherry on top of the cake ;-).

> Gate defaults on a "env" for Solr: prod, dev
> --------------------------------------------
>
>                 Key: SOLR-15875
>                 URL: https://issues.apache.org/jira/browse/SOLR-15875
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: David Smiley
>            Priority: Major
>
> In an effort to increase Solr's security posture, yet also retain convenient 
> ease-of-use defaults, I propose that a Solr node may be started with an 
> environment setting to differentiation production from development; perhaps 
> others.  This ought to be a 1st class bin/solr CLI flag.  Certain settings 
> that are security sensitive can then gate the default based on being in dev 
> mode or not.  Possible examples are enabling the Java SecurityManager, Solr's 
> runtime config APIs, port binding to local-host or not, 
> enable.dih.dataConfigParam.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to