Posted to dev@lucene.apache.org by "Shawn Heisey (JIRA)" <ji...@apache.org> on 2014/11/30 04:53:12 UTC

[jira] [Commented] (SOLR-6807) Make handleSelect=true by default

    [ https://issues.apache.org/jira/browse/SOLR-6807?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14229004#comment-14229004 ] 

Shawn Heisey commented on SOLR-6807:
------------------------------------

It was my understanding that the reason we went with false by default was to close a security hole.  To be specific, if handleSelect is true, then you can send a request to the /select handler, include qt=/update as a parameter, and change the index.

I don't mind having handleSelect as an option, but I think we should keep it false by default.  I won't vote it down if there's consensus to go that way, though.


> Make handleSelect=true by default
> ---------------------------------
>
>                 Key: SOLR-6807
>                 URL: https://issues.apache.org/jira/browse/SOLR-6807
>             Project: Solr
>          Issue Type: Wish
>    Affects Versions: 4.10.2
>            Reporter: Alexandre Rafalovitch
>            Priority: Minor
>              Labels: solrconfig.xml
>             Fix For: 5.0
>
>
> In the solrconfig.xml, we have a long explanation on the legacy *<requestDispatcher handleSelect="false" >* section. Since we are cleaning up legacy stuff for version 5, is it safe now to flip handleSelect to *true* by default and therefore remove both the attribute and the whole section explaining it?
> Then, a section in Reference Guide or even a blog post can explain what to do for the old clients that still need it. But it does not seem to be needed anymore for the new users. And it possibly causes confusion now that we have implicit, explicit and overlay handlers.
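
A defender-side check for the behaviour described in the comment above, added here as an example and not part of the original message or of Solr's own code: it reads the handleSelect attribute from a solrconfig.xml and flags logged /select requests whose qt parameter names another handler path. The function names, config fragments and log lines are constructed for illustration, and the common-log-format layout is an assumption.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed solrconfig.xml fragments (not taken from a real deployment).
CONFIG_OFF = '<config><requestDispatcher handleSelect="false"/></config>'
CONFIG_ON = '<config><requestDispatcher handleSelect="true"/></config>'

# Constructed access-log lines; common log format is an assumption.
SAMPLE_LOG = [
    '10.0.0.5 - - [30/Nov/2014:04:53:12 +0000] "GET /solr/collection1/select?q=*:*&wt=json HTTP/1.1" 200 512',
    '10.0.0.9 - - [30/Nov/2014:04:53:40 +0000] "GET /solr/collection1/select?qt=%2Fupdate&commit=true HTTP/1.1" 200 90',
    '10.0.0.5 - - [30/Nov/2014:04:54:02 +0000] "GET /solr/collection1/select?q=solr&qt=/browse HTTP/1.1" 200 2048',
    '10.0.0.7 - - [30/Nov/2014:04:54:10 +0000] "POST /solr/collection1/update?commit=true HTTP/1.1" 200 90',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/[\d.]+"')


def handle_select_setting(solrconfig_xml):
    """Return True/False for an explicit handleSelect value, None if unset."""
    root = ET.fromstring(solrconfig_xml)
    dispatcher = root.find("requestDispatcher")
    if dispatcher is None or "handleSelect" not in dispatcher.attrib:
        return None  # not stated in the file; Solr's built-in default applies
    return dispatcher.attrib["handleSelect"].strip().lower() == "true"


def qt_redirected_requests(log_lines):
    """Return (client, qt) for /select requests whose qt names a handler path."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.rstrip("/").endswith("/select"):
            continue
        # parse_qs percent-decodes, so qt=%2Fupdate and qt=/update both match.
        for qt in parse_qs(url.query).get("qt", []):
            if qt.startswith("/") and qt != "/select":
                hits.append((line.split()[0], qt))
    return hits
```

A hit for qt=/update on a core where handle_select_setting returns True is the case the comment warns about; hits for read-only handlers are worth reviewing but do not change the index.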


