lucene-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Karl Wettin <>
Subject Re: Lucene - Authentication
Date Sun, 14 Dec 2008 14:20:23 GMT

13 dec 2008 kl. 06.05 skrev Aaron Schon:

> Hi , if I have a Lucene index (or Solr) that is installed in client  
> premises. how would you go about securing the index from being  
> queries in unauthorized fashion. For example, from malicious users  
> or hackers, or for that matter "internal" users trying to reengineer  
> the system and use it for purposes other than the way licensed.
> any suggestions?

You need to tell us a bit more about your application: what it does,  
what the index contains, what parts you don't want users to access, et  

Could you distribute an index that only contains the data the users  
are allowed to see? If not, why?

My guess is that it will be hard. Anyone could reconstruct the  
documents from the index files. If you came up with some encryption of  
the index then you would have to distribute the key in the source code  
and that could be extracted using a decompiler, even if you  
obusticated the code. An obfusticated index could also be broken using  
decompiler. And if you allow users to place queries and see the  
results then it's probably possible to reconstruct the raw data that  


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message