[jira] [Comment Edited] (SOLR-13985) bind to localhost by default

Tue, 07 Jan 2020 14:05:44 -0800 


    [ 
https://issues.apache.org/jira/browse/SOLR-13985?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17010121#comment-17010121
 ] 

Jason Gerlowski edited comment on SOLR-13985 at 1/7/20 10:04 PM:
-----------------------------------------------------------------

OK, awesome.  I've opened a PR for this with the *nix half already in place.  
That's ready to review if anyone is interested while I figure out the Windows 
changes.

I put some detail on the PR about the testing I did on it; happy for 
suggestions there too if there's a scenario anyone thinks of that I missed.

It's worth noting that none of our tests caught this issue because they all 
start Jetty differently than a real-deal Solr does, so these settings don't 
come into play in the same way.  I'm not sure there's anything practical we can 
do about this, but I wonder whether this difference between test-land and 
reality has bitten us before?  Just thinking aloud... 


was (Author: gerlowskija):
OK, awesome.  I've opened a PR for this with the *nix half already in place.  
That's ready to review if anyone is interested while I figure out the Windows 
changes.

> bind to localhost by default
> ----------------------------
>
>                 Key: SOLR-13985
>                 URL: https://issues.apache.org/jira/browse/SOLR-13985
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Robert Muir
>            Assignee: Jason Gerlowski
>            Priority: Major
>             Fix For: master (9.0)
>
>         Attachments: SOLR-13985.patch, SOLR-13985.patch, SOLR-13985.patch, 
> SOLR-13985.patch
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Currently solr binds to all interfaces by default. 
> The default should be safer, so that e.g. the user is not exposed to the 
> internet until they make an explicit step to do so.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org

Reply via email to