You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "David Eric Pugh (Jira)" <ji...@apache.org> on 2021/01/21 18:54:00 UTC
[jira] [Commented] (SOLR-13442) Lean Solr with minimal
functionality
[ https://issues.apache.org/jira/browse/SOLR-13442?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17269553#comment-17269553 ]
David Eric Pugh commented on SOLR-13442:
----------------------------------------
Another ticket is done, only two left!
> Lean Solr with minimal functionality
> ------------------------------------
>
> Key: SOLR-13442
> URL: https://issues.apache.org/jira/browse/SOLR-13442
> Project: Solr
> Issue Type: Task
> Reporter: Ishan Chattopadhyaya
> Assignee: Ishan Chattopadhyaya
> Priority: Major
>
> With lots and lots of out of the box features come the possibility of security vulnerabilities. A managed / hosted Solr cluster should have only minimal functionality turned on.
> Through this issue, we'd like to explore the possibility of starting up Solr such that just basic cloud based indexing and querying works (under basic auth), and fancy stuff like the following be turned off (maybe by a startup parameter):
> # Tika
> # DIH
> # Funky shards parameter usage (unless specific to implicit routing)
> # HDFS
> # Streaming expressions
> # non whitelisted function queries (with a whitelist of only few that are essential)
> # configset upload
> # blob store
> # etc.
> The motivation of this work is to have a public facing minimal Solr that is bullet proof, secure against external exposure (with the help of basic auth and rule based authorization).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org