  1. Solr
  2. SOLR-10648

Do not expose STOP.PORT and STOP.KEY in sysProps


    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Not A Problem
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: scripts and tools
    • Labels:

      Description

      Currently anyone with HTTP access to Solr can see the Admin UI and all the system properties. In there you find

      -DSTOP.KEY=solrrocks
      -DSTOP.PORT=7983
      

      This means that anyone with this info can shut down Solr by hitting that port with the key (if it is not firewalled).

      I think the simple solution is to add STOP.PORT and STOP.KEY from $SOLR_START_OPTS to the $SOLR_JETTY_CONFIG[@] variable. It will still be visible on the cmdline but not over HTTP.
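An added check, not part of the original issue or of Solr's scripts: it models the distinction the description relies on, namely that `-D` options before `-jar` become JVM system properties while arguments after the jar name do not, and audits a property listing for the two names. The command lines, the `system.properties` response shape, and all function names are assumptions constructed for illustration; what `start.jar` itself does with its arguments is not modeled.

```python
import json
import shlex

SENSITIVE = ("STOP.KEY", "STOP.PORT")  # names taken from the issue

def jvm_system_props(cmdline):
    """Return -Dname=value options placed before -jar (JVM system properties)."""
    props = {}
    for tok in shlex.split(cmdline)[1:]:
        if tok == "-jar":
            break  # everything after the jar name is a program argument
        if tok.startswith("-D"):
            name, _, value = tok[2:].partition("=")
            props[name] = value
    return props

def exposed(props):
    """Names from SENSITIVE that are present in a property map."""
    return sorted(n for n in SENSITIVE if n in props)

def exposed_over_http(body):
    """Audit a JSON property listing; the 'system.properties' key is an assumed shape."""
    return exposed(json.loads(body).get("system.properties", {}))

# Constructed samples: current layout, the layout proposed in the description,
# and a property listing as an HTTP client might receive it.
BEFORE = ("java -server -DSTOP.PORT=7983 -DSTOP.KEY=solrrocks "
          "-Djetty.port=8983 -jar start.jar --module=http")
AFTER = ("java -server -Djetty.port=8983 -jar start.jar --module=http "
         "STOP.PORT=7983 STOP.KEY=solrrocks")
RESPONSE = ('{"system.properties": {"STOP.KEY": "solrrocks", '
            '"STOP.PORT": "7983", "jetty.port": "8983"}}')

if __name__ == "__main__":
    print("before:", exposed(jvm_system_props(BEFORE)))
    print("after: ", exposed(jvm_system_props(AFTER)))
    print("http:  ", exposed_over_http(RESPONSE))
```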


            People

            • Assignee:
              Unassigned
              Reporter:
              janhoy Jan Høydahl
            • Votes:
              0
              Watchers:
              3
