Destructive Solr operations accept HTTP GET requests
-----------------------------------------------------
Key: SOLR-1523
URL: https://issues.apache.org/jira/browse/SOLR-1523
Project: Solr
Issue Type: Improvement
Affects Versions: 1.4
Reporter: Lance Norskog
GET vs. POST/PUT/DELETE
The multicore implementation allows HTTP GET requests to perform system
administration commands. This means that a URL which alters the system can be
bookmarked/e-mailed/etc. This is dangerous in a production system.
A clean implementation should give every request handler the ability to accept
some HTTP verbs and reject others. It could be just a boolean for whether it
accepts a GET, or the interface might actually have a list of verbs it accepts.
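The per-handler verb list proposed in the issue, sketched as an added example that is not Solr code and not part of the original report. VerbAwareHandler, acceptedVerbs(), dispatch() and the handler table are hypothetical names, and the requests in main() are constructed samples.

```java
import java.util.*;
import java.util.stream.Collectors;

// Added illustration: none of these types are Solr classes.
public class VerbGateDemo {
    enum Verb { GET, POST, PUT, DELETE }

    // Hypothetical contract: every handler declares the HTTP verbs it accepts.
    interface VerbAwareHandler {
        Set<Verb> acceptedVerbs();
        String handle(Map<String, String> params);
    }

    static final Map<String, VerbAwareHandler> HANDLERS = new LinkedHashMap<>();

    static VerbAwareHandler handler(Set<Verb> verbs, String label) {
        return new VerbAwareHandler() {
            public Set<Verb> acceptedVerbs() { return verbs; }
            public String handle(Map<String, String> p) { return label + " ran with " + p; }
        };
    }

    // Returns "status | Allow header | body". The verb check runs before the
    // handler, so a rejected request never reaches the state-changing code.
    static String dispatch(String method, String path, Map<String, String> params) {
        VerbAwareHandler h = HANDLERS.get(path);
        if (h == null) return "404 | - | no such handler";
        Verb verb = null;
        try { verb = Verb.valueOf(method); } catch (IllegalArgumentException e) { /* unknown verb */ }
        if (verb == null || !h.acceptedVerbs().contains(verb)) {
            String allow = h.acceptedVerbs().stream().map(Verb::name).collect(Collectors.joining(", "));
            return "405 | Allow: " + allow + " | rejected before the handler ran";
        }
        return "200 | - | " + h.handle(params);
    }

    public static void main(String[] args) {
        HANDLERS.put("/select", handler(EnumSet.of(Verb.GET, Verb.POST), "query"));
        HANDLERS.put("/admin/cores", handler(EnumSet.of(Verb.POST), "core admin"));
        Map<String, String> unload = new TreeMap<>();   // constructed sample request
        unload.put("action", "UNLOAD"); unload.put("core", "core0");
        System.out.println(dispatch("GET", "/admin/cores", unload));   // 405 with Allow: POST
        System.out.println(dispatch("POST", "/admin/cores", unload));  // 200
        System.out.println(dispatch("GET", "/select", new TreeMap<>())); // 200, read-only query
    }
}
```

Gating per handler, as the issue suggests, also blocks read-only admin actions sent by GET; a finer policy would declare verbs per action.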