Posted to issues@lucene.apache.org by "Ishan Chattopadhyaya (Jira)" <ji...@apache.org> on 2019/12/12 07:12:00 UTC

[jira] [Commented] (SOLR-13442) Lean Solr with minimal functionality

    [ https://issues.apache.org/jira/browse/SOLR-13442?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16994306#comment-16994306 ] 

Ishan Chattopadhyaya commented on SOLR-13442:
---------------------------------------------

Repurposing this old issue to track all steps we might want to take for making Solr more secure and leaner. Let's add all such efforts as linked JIRAs here for easy tracking.

> Lean Solr with minimal functionality
> ------------------------------------
>
>                 Key: SOLR-13442
>                 URL: https://issues.apache.org/jira/browse/SOLR-13442
>             Project: Solr
>          Issue Type: Task
>            Reporter: Ishan Chattopadhyaya
>            Assignee: Ishan Chattopadhyaya
>            Priority: Major
>
> With lots and lots of out-of-the-box features comes the possibility of security vulnerabilities. A managed / hosted Solr cluster should have only minimal functionality turned on.
> Through this issue, we'd like to explore the possibility of starting up Solr such that just basic cloud based indexing and querying works (under basic auth), and fancy stuff like the following be turned off (maybe by a startup parameter):
> # Tika
> # DIH
> # Funky shards parameter usage (unless specific to implicit routing)
> # HDFS
> # Streaming expressions
> # non-whitelisted function queries (with a whitelist of only a few that are essential)
> # configset upload
> # blob store
> # etc.
> The motivation of this work is to have a public-facing minimal Solr that is bulletproof, secure against external exposure (with the help of basic auth and rule-based authorization).


