You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@lucene.apache.org by "Houston Putman (Jira)" <ji...@apache.org> on 2020/08/19 21:27:03 UTC

[jira] [Updated] (SOLR-14720) Validate Sanctity of Request Type

     [ https://issues.apache.org/jira/browse/SOLR-14720?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Houston Putman updated SOLR-14720:
----------------------------------
    Security:     (was: Public)

> Validate Sanctity of Request Type
> ---------------------------------
>
>                 Key: SOLR-14720
>                 URL: https://issues.apache.org/jira/browse/SOLR-14720
>             Project: Solr
>          Issue Type: Improvement
>            Reporter: Atri Sharma
>            Priority: Major
>
> https://issues.apache.org/jira/browse/SOLR-13528 introduces a mechanism to identify between internal (server) and external (client) requests. Currently, this mechanism works on populating a relevant field in the request's headers. However, a rogue client can impersonate or fabricate a server request.
>  
> This Jira tracks effort to validate that a client request's context is set correctly. We look to tap into the authentication loop to piggy back on the information provided there.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org