You are viewing a plain text version of this content. The canonical link for it is here.
Posted to solr-user@lucene.apache.org by Tricia Williams <pg...@student.cs.uwaterloo.ca> on 2006/06/22 00:32:35 UTC
Secure Solr
Hi All,
It seems to me that the way that documents are indexed and managed via
Solr using http get requests leaves your index open to malicious attacks
as anyone with the right syntax and some information about your index
could commit changes to your index. Is there some mechanism in solr that
prevents this kind of attack?
Thanks,
Tricia
Re: Secure Solr
Posted by Yonik Seeley <ys...@gmail.com>.
On 6/21/06, Tricia Williams <pg...@student.cs.uwaterloo.ca> wrote:
> It seems to me that the way that documents are indexed and managed via
> Solr using http get requests leaves your index open to malicious attacks
> as anyone with the right syntax and some information about your index
> could commit changes to your index. Is there some mechanism in solr that
> prevents this kind of attack?
We (CNET) use Solr as a back-end system.
Web traffic goes to apache web servers, then some requests go to
app-servers to generate dynamic content, and those app servers make
requests to Solr servers for search results.
If you have any ideas about it, adding security might be useful to
others though.
-Yonik