Destructive Solr operations accept HTTP GET requests -----------------------------------------------------
Key: SOLR-1523 URL: https://issues.apache.org/jira/browse/SOLR-1523 Project: Solr Issue Type: Improvement Affects Versions: 1.4 Reporter: Lance Norskog GET v.s. POST/PUT/DELETE The multicore implementation allows HTTP GET requests to perform system administration commands. This means that an URL which alters the system can be bookmarked/e-mailed/etc. This is dangerous in a production system. A clean implementation should give every request handler the ability to accept some HTTP verbs and reject others. It could be just a boolean for whether it accepts a GET, or the interface might actually have a list of verbs it accepts. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.