[
https://issues.apache.org/jira/browse/SOLR-8429?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15061360#comment-15061360
]
Noble Paul commented on SOLR-8429:
----------------------------------
I don't think we need to change the default and change the default behavior.
All we need to do is change the example and add this flag there. So everyone
who use this feature will see the flag. If we put in the default nobody will
know this.
The point about security is that there are a lot of users who have solr without
security and they would just want to have minimal security. This would be to
just avoid certain operations being performed inadvertently. So, security is a
mechanism to protect their solr from themselves
> add a flag blockUnauthenticated to BasicAutPlugin
> -------------------------------------------------
>
> Key: SOLR-8429
> URL: https://issues.apache.org/jira/browse/SOLR-8429
> Project: Solr
> Issue Type: Improvement
> Reporter: Noble Paul
> Assignee: Noble Paul
>
> If authentication is setup with BasicAuthPlugin, it let's all requests go
> through if no credentials are passed. This was done to have minimal impact
> for users who only wishes to protect a few end points (say , collection admin
> and core admin only)
> We can add a flag to {{BasicAuthPlugin}} to allow only authenticated requests
> to go in
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
