You are viewing a plain text version of this content. The canonical link for it is here.

Posted to solr-user@lucene.apache.org by Valdir Salgueiro <so...@gmail.com> on 2009/09/22 00:14:41 UTC

Limit number of docs that can be indexed (security)

Hello,

I need a way to limit the number of documents that can be indexed on my
solr-based application. Here is what I have come up with: create a *
UpdateRequestProcessor* and register it on *solrconfig.xml*. When the user
tries to add a document, check if the docs limit has been reached. The
problem is, the user can modify solrconfig.xml and remove the *
UpdateRequestProcessor* so he can index as much as he wants.

Any ideas how to implement such restriction in a "safer" manner?

Thanks in advance,
Valdir

PS: Of course, I also need to make sure the user cannot modify how many
files he can index, but I think some encription on the properties file which
holds that information will do for now.

Re: Limit number of docs that can be indexed (security)

Posted by Valdir Salgueiro <so...@gmail.com>.

Israel, thanks for your comments. The problem with that alternative is that
it works only if the search application is in our server (and in that case,
of course, the user doesn't have access to any config file). But more often
than not the application is installed on the customer's network, thus he has
access to anything in that machine.

2009/9/21 Israel Ekpo <is...@gmail.com>

> Valdir,
>
> I think you are making it more complicated that it needs to be.
>
> As the administrator, if you don't want them to modify the contents of the
> solrconfig.xml file then you should not give them access to do so.
>
> If they already have access to change the contents of the file, you can
> revoke such privileges.
>
> That should do it. The users should only work on the client side (adding
> documents, sending queries)
>
> On Mon, Sep 21, 2009 at 6:14 PM, Valdir Salgueiro <sombraextra@gmail.com
> >wrote:
>
> > Hello,
> >
> > I need a way to limit the number of documents that can be indexed on my
> > solr-based application. Here is what I have come up with: create a *
> > UpdateRequestProcessor* and register it on *solrconfig.xml*. When the
> user
> > tries to add a document, check if the docs limit has been reached. The
> > problem is, the user can modify solrconfig.xml and remove the *
> > UpdateRequestProcessor* so he can index as much as he wants.
> >
> > Any ideas how to implement such restriction in a "safer" manner?
> >
> > Thanks in advance,
> > Valdir
> >
> > PS: Of course, I also need to make sure the user cannot modify how many
> > files he can index, but I think some encription on the properties file
> > which
> > holds that information will do for now.
> >
>
>
>
> --
> "Good Enough" is not good enough.
> To give anything less than your best is to sacrifice the gift.
> Quality First. Measure Twice. Cut Once.
>

Re: Limit number of docs that can be indexed (security)

Posted by Israel Ekpo <is...@gmail.com>.

Valdir,

I think you are making it more complicated that it needs to be.

As the administrator, if you don't want them to modify the contents of the
solrconfig.xml file then you should not give them access to do so.

If they already have access to change the contents of the file, you can
revoke such privileges.

That should do it. The users should only work on the client side (adding
documents, sending queries)

On Mon, Sep 21, 2009 at 6:14 PM, Valdir Salgueiro <so...@gmail.com>wrote:

> Hello,
>
> I need a way to limit the number of documents that can be indexed on my
> solr-based application. Here is what I have come up with: create a *
> UpdateRequestProcessor* and register it on *solrconfig.xml*. When the user
> tries to add a document, check if the docs limit has been reached. The
> problem is, the user can modify solrconfig.xml and remove the *
> UpdateRequestProcessor* so he can index as much as he wants.
>
> Any ideas how to implement such restriction in a "safer" manner?
>
> Thanks in advance,
> Valdir
>
> PS: Of course, I also need to make sure the user cannot modify how many
> files he can index, but I think some encription on the properties file
> which
> holds that information will do for now.
>

-- 
"Good Enough" is not good enough.
To give anything less than your best is to sacrifice the gift.
Quality First. Measure Twice. Cut Once.