Re: Disabling jvm properties from ui

Yes, it is important to understand that only trusted clients and persons should be given access to Solr's port. But it may stil be surprising to users that e.g. passwords to a DB or SSL keystore is available over HTTP when there is no need for them at the client side. I'm not saying itis a bug,

Re: Disabling jvm properties from ui

That's an interesting feature, and it addresses X, but there are lots of ways to discover system properties. In a managed schema, enter a field name ${java.version} and you'll get a field named 1.8.0_144 (or whatever). I still think it's important to address Y they are trying to hide the system pro

Re: Disabling jvm properties from ui

It's not documented in the Ref Guide, but you can set this system property to fix it: SOLR_OPTS="-Dsolr.redaction.system.pattern=(.*password.*|.*your-own-regex.*)" Then the property will show as --REDACTED— in the UI. Note that the property still will leak through /solr/admin/metrics and you ne

Re: Disabling jvm properties from ui

This sounds like an X Y problem . Why do you want to do that? Can you give more detail. What sort of information is exposed that you don't want someone to see, and who is that someone? Particularly, how is it they can use the admin UI which has the ability to delete all your

Disabling jvm properties from ui

Hi, Is there a way to disable jvm properties from the solr UI. It has some information which we don’t want to expose. Any pointers would be helpful. Thanks