lucene-dev mailing list archives

From Chris Hostetter <hossman_luc...@fucit.org>
Subject Re: Solr Security
Date Wed, 02 Jun 2010 17:56:47 GMT

: BASIC Tomcat. Essentially I want users to only be able to /select/* and
: admins to be able to do everything else. Right now I am checking for
: 
: /select/* - Users
: /admin/*  - Admin
: /update/* - Admin
: 
: Are there other url strings I should be protecting?
: (This was unclear to me in the documentation)

In general it depends on what requestHandlers you have configured in your 
solrconfig.xml ...  if you have an instance of the ExtractingRequestHandler 
configured with the path "/extract/stuff" then you'll probably want to 
protect that as well.  In particular you may want to block users from 
accessing /replication (but then you'll need to give special access to 
the slave machines so they can query the master).

You should also watch out for the "qt" param when using the special 
"/select" path.  I would suggest that you just block user access to 
/select, and use specific paths for accessing handlers directly (i.e. 
/search, /dismax, etc...)


-Hoss
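
An added example, not part of the original message: a Python audit that lists the path-style requestHandlers in a solrconfig.xml and checks each one against servlet-style URL patterns, and also flags when users can reach /select (and with it the "qt" param). The sample config, the pattern lists and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample solrconfig.xml fragment (not from the original message).
SOLRCONFIG = """
<config>
  <requestHandler name="/search" class="solr.SearchHandler"/>
  <requestHandler name="/dismax" class="solr.SearchHandler"/>
  <requestHandler name="/update" class="solr.XmlUpdateRequestHandler"/>
  <requestHandler name="/extract/stuff" class="solr.extraction.ExtractingRequestHandler"/>
  <requestHandler name="/replication" class="solr.ReplicationHandler"/>
  <requestHandler name="/admin/ping" class="solr.PingRequestHandler"/>
  <requestHandler name="standard" class="solr.SearchHandler" default="true"/>
</config>
"""

def matches(pattern, path):
    """Servlet-style url-pattern: '/x/*' is a prefix match, anything else is exact."""
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return path == base or path.startswith(base + "/")
    return path == pattern

def audit(solrconfig_xml, user_patterns, admin_patterns):
    """Classify every path-named handler as admin-only, user-reachable or unprotected."""
    root = ET.fromstring(solrconfig_xml)
    paths = [h.get("name") for h in root.iter("requestHandler")
             if h.get("name", "").startswith("/")]
    result = {"admin": [], "user": [], "unprotected": []}
    for path in paths:
        if any(matches(p, path) for p in admin_patterns):
            result["admin"].append(path)
        elif any(matches(p, path) for p in user_patterns):
            result["user"].append(path)
        else:
            # No constraint covers this path, so the container applies no role check.
            result["unprotected"].append(path)
    # If users can reach /select, "qt" lets the request pick the handler by name.
    result["qt_exposed"] = any(matches(p, "/select") for p in user_patterns)
    return result

if __name__ == "__main__":
    # Rules from the question, then the layout suggested in the reply.
    print(audit(SOLRCONFIG, ["/select/*"], ["/admin/*", "/update/*"]))
    print(audit(SOLRCONFIG, ["/search", "/dismax"],
                ["/admin/*", "/update/*", "/extract/*", "/replication", "/select/*"]))
```
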

