[SOLR-10648] Do not expose STOP.PORT and STOP.KEY in sysProps - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Not A Problem
Affects Version/s: None
Fix Version/s: None
Component/s: scripts and tools
Labels:
- security

Description

Currently anyone with HTTP access to Solr can see the Admin UI and all the system properties. In there you find

-DSTOP.KEY=solrrocks
-DSTOP.PORT=7983

This means that anyone with this info can shut down Solr by hitting that port with the key (if it is not firewalled).

I think the simple solution is to add STOP.PORT and STOP.KEY from $SOLR_START_OPTS to the $SOLR_JETTY_CONFIG[@] variable. It will still be visible on the cmdline but not over HTTP.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Jan Høydahl

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 09/May/17 11:57

Updated:: 08/Jun/19 15:20

Resolved:: 08/Nov/18 11:38