Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Not A Problem
-
None
-
None
Description
Currently anyone with HTTP access to Solr can see the Admin UI and all the system properties. In there you find
-DSTOP.KEY=solrrocks -DSTOP.PORT=7983
This means that anyone with this info can shut down Solr by hitting that port with the key (if it is not firewalled).
I think the simple solution is to add STOP.PORT and STOP.KEY from $SOLR_START_OPTS to the $SOLR_JETTY_CONFIG[@] variable. It will still be visible on the cmdline but not over HTTP.