When I visit a Solr URL such as:
http://solrserver:8180/solr/project/data-import
The response includes the JDBC URL/username/password that was passed into DataImportHandler as part of the initargs
section.
Are there any configuration options to stop this from happening, or am I going to have to look into using Apache HTTPD's mod_substitute to remove the offending line(s)?
Edit: by the way, currently we aren't fronting Solr with Apache, so if there is a Solr-only solution that is the preferable option.
Edit2: I'm not the only one with the problem
Basically the easy solr-only route would be to hack in http auth to the solr webapp itself. It's about two snippets of xml, but one part of it (defining users and roles) is servlet container specific. Which servlet container are you using?
EDIT: Jetty and Resin examples here: http://wiki.apache.org/solr/SolrSecurity#Path_Based_Authentication