You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-user@lucene.apache.org by clico <cl...@mairie-marseille.fr> on 2009/10/07 15:00:48 UTC
manage rights
Hi everybody
As I'm ready to deploy my solr server (after many tests and use cases)
I'd like ton configure my server in order that some request cannot be post
As an example :
My CMS or data app can use
- dataimport
- and other indexing commands
My website can only perform a search on the server
could one explain me where this configuration has to be done?
Thanks
--
View this message in context: http://www.nabble.com/manage-rights-tp25784152p25784152.html
Sent from the Solr - User mailing list archive at Nabble.com.
Re: manage rights
Posted by Grant Ingersoll <gs...@apache.org>.
You should also separate your indexer from your searcher and make the
searcher request handlers allow search only (remove the handlers you
don't need). You could also lock down the request parameters that
they take, too, by using invariants, etc.
Have a look in your solrconfig.xml. You could, of course, also have a
ServletFilter in front of Solr or some other type of firewall that
just throws away the requests you don't wish to support.
And, of course, firewalls can be used, too.
On Oct 7, 2009, at 4:50 PM, Lance Norskog wrote:
> There are no security features in Solr 1.4. You cannot do this.
>
> It would be really simple to implement a hack where all management
> must be done via POST, and then allow the configuration to ban POST
> requests.
>
> On 10/7/09, clico <cl...@mairie-marseille.fr> wrote:
>>
>> Hi everybody
>> As I'm ready to deploy my solr server (after many tests and use
>> cases)
>> I'd like ton configure my server in order that some request cannot
>> be post
>>
>> As an example :
>> My CMS or data app can use
>> - dataimport
>> - and other indexing commands
>>
>> My website can only perform a search on the server
>>
>> could one explain me where this configuration has to be done?
>>
>> Thanks
>> --
>> View this message in context:
>> http://www.nabble.com/manage-rights-tp25784152p25784152.html
>> Sent from the Solr - User mailing list archive at Nabble.com.
>>
>>
>
>
> --
> Lance Norskog
> goksron@gmail.com
--------------------------
Grant Ingersoll
http://www.lucidimagination.com/
Search the Lucene ecosystem (Lucene/Solr/Nutch/Mahout/Tika/Droids)
using Solr/Lucene:
http://www.lucidimagination.com/search
Re: manage rights
Posted by Lance Norskog <go...@gmail.com>.
There are no security features in Solr 1.4. You cannot do this.
It would be really simple to implement a hack where all management
must be done via POST, and then allow the configuration to ban POST
requests.
On 10/7/09, clico <cl...@mairie-marseille.fr> wrote:
>
> Hi everybody
> As I'm ready to deploy my solr server (after many tests and use cases)
> I'd like ton configure my server in order that some request cannot be post
>
> As an example :
> My CMS or data app can use
> - dataimport
> - and other indexing commands
>
> My website can only perform a search on the server
>
> could one explain me where this configuration has to be done?
>
> Thanks
> --
> View this message in context:
> http://www.nabble.com/manage-rights-tp25784152p25784152.html
> Sent from the Solr - User mailing list archive at Nabble.com.
>
>
--
Lance Norskog
goksron@gmail.com