lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matthew Mauriello" <mm578...@albany.edu>
Subject Re: Solr Security
Date Wed, 02 Jun 2010 18:54:19 GMT
Thanks for the response.

I am using the most basic Solr Installation so I imagine the only
requestHandlers are those that are active on default. I think the gist of
what your saying is go through my solrconfig.xml file and secure any paths
that seem like they should be "admin" only? We are not really concerned
about security so much as just making sure the average user cannot mess
anything up. Users should only be able to search and retrieve xml
responses from solr and admins should be able to do everything and
anything else.

Thank you for your time,

~Matt

>
> : BASIC Tomcat. Essentially I want users to only be able to /select/* and
> : admins to be able to do everything else. Right now I am checking for
> :
> : /select/* - Users
> : /admin/*  - Admin
> : /update/* - Admin
> :
> : Are there other url strings I should be protecting?
> : (This was unclear to me in the documentation)
>
> in general it depends on what requestHandlers you have configured in your
> solrconfig.xml ...  if you have an instance of the ExtractinRequestHandler
> configured with the path "/extract/stuff" then you'll probably want to
> protect that as well.  In particular you may want to block users from
> accessing /replication (but then if you'll need to give special access to
> the slave machines so they can query the master)
>
> You should also watch out for the "qt" param when using the special
> "/select" path.  I would suggest that you just block user access
> /select, and use specific paths for accessing handlers directly (ie
> /search, /dismax, etc...)
>
>
> -Hoss
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
> For additional commands, e-mail: dev-help@lucene.apache.org
>
>


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message