lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Noble Paul (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-6736) A collections-like request handler to manage solr configurations on zookeeper
Date Fri, 10 Jul 2015 18:25:04 GMT

    [ https://issues.apache.org/jira/browse/SOLR-6736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14622708#comment-14622708
] 

Noble Paul commented on SOLR-6736:
----------------------------------

bq.Varun Rajput Agreed, but we can't think about building up a GUI unless we agree that putting
up arbitrary XML files is allowed

The fact is it is your system and you can put an arbitrary xml or even executable file if
you wish to. But it should only be allowed to a person who has the permissions to do so. Building
a GUI first is like putting the cart before the horse. We need to first define the workflow
involved in adding a certain artifact into the system. The questions we need to ask is

# Is the user allowed to add it?
# How can we avoid/minimize the harm caused by human errors even if you are authorized to
perform a certain action
# What are the steps involved in a person gaining those permissions. Is it possible to circumvent
it. 

It may be possible to hack this and gain access. But, we do not want Solr to be weakest link
in the whole ecosystem. For instance, in this ticket we say that  that, the user needs to
enable this handler with a system property. Which means that the hacker will have to gain
access to the file system first to put in the property there.  

> A collections-like request handler to manage solr configurations on zookeeper
> -----------------------------------------------------------------------------
>
>                 Key: SOLR-6736
>                 URL: https://issues.apache.org/jira/browse/SOLR-6736
>             Project: Solr
>          Issue Type: New Feature
>          Components: SolrCloud
>            Reporter: Varun Rajput
>            Assignee: Anshum Gupta
>         Attachments: SOLR-6736.patch, SOLR-6736.patch, SOLR-6736.patch, SOLR-6736.patch,
SOLR-6736.patch, SOLR-6736.patch, SOLR-6736.patch, SOLR-6736.patch, newzkconf.zip, test_private.pem,
test_pub.der, zkconfighandler.zip, zkconfighandler.zip
>
>
> Managing Solr configuration files on zookeeper becomes cumbersome while using solr in
cloud mode, especially while trying out changes in the configurations. 
> It will be great if there is a request handler that can provide an API to manage the
configurations similar to the collections handler that would allow actions like uploading
new configurations, linking them to a collection, deleting configurations, etc.
> example : 
> {code}
> #use the following command to upload a new configset called mynewconf. This will fail
if there is alredy a conf called 'mynewconf'. The file could be a jar , zip or a tar file
which contains all the files for the this conf.
> curl -X POST -H 'Content-Type: application/octet-stream' --data-binary @testconf.zip
http://localhost:8983/solr/admin/configs/mynewconf?sig=<the-signature>
> {code}
> A GET to http://localhost:8983/solr/admin/configs will give a list of configs available
> A GET to http://localhost:8983/solr/admin/configs/mynewconf would give the list of files
in mynewconf



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message