You are viewing a plain text version of this content. The canonical link for it is here.

Posted to solr-user@lucene.apache.org by Tricia Williams <pg...@student.cs.uwaterloo.ca> on 2006/06/22 00:32:35 UTC

Secure Solr

Hi All,

    It seems to me that the way that documents are indexed and managed via 
Solr using http get requests leaves your index open to malicious attacks 
as anyone with the right syntax and some information about your index 
could commit changes to your index.  Is there some mechanism in solr that 
prevents this kind of attack?

Thanks,
Tricia

Re: Secure Solr

Posted by Yonik Seeley <ys...@gmail.com>.

On 6/21/06, Tricia Williams <pg...@student.cs.uwaterloo.ca> wrote:
>     It seems to me that the way that documents are indexed and managed via
> Solr using http get requests leaves your index open to malicious attacks
> as anyone with the right syntax and some information about your index
> could commit changes to your index.  Is there some mechanism in solr that
> prevents this kind of attack?

We (CNET) use Solr as a back-end system.
Web traffic goes to apache web servers, then some requests go to
app-servers to generate dynamic content, and those app servers make
requests to Solr servers for search results.

If you have any ideas about it, adding security might be useful to
others though.

-Yonik