lucene-solr-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Solr Wiki] Update of "SolrSecurity" by JanHoydahl
Date Fri, 08 Mar 2013 23:55:59 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Solr Wiki" for change notification.

The "SolrSecurity" page has been changed by JanHoydahl:
http://wiki.apache.org/solr/SolrSecurity?action=diff&rev1=32&rev2=33

Comment:
Info about proxy

  
  First and foremost, Solr does not concern itself with security either at the document level
or the communication level.  It is strongly recommended that the application server containing
Solr be firewalled such the only clients with access to Solr are your own.   A default/example
installation of Solr allows any client with access to it to add, update, and delete documents
(and of course search/read too), including access to the Solr configuration and schema files
and the administrative user interface.  
  
- Besides limiting port access to the Solr server, standard Java web security can be added
by tuning the container and the Solr web application configuration itself via web.xml.  For
example, all /update URLs could require HTTP authentication.
+ Besides limiting port access to the Solr server, standard Java web security can be added
by tuning the container and the Solr web application configuration itself via web.xml.  For
example, all /update URLs could require HTTP authentication. 
+ 
+ If there is a need to provide query access to a Solr server from the open internet, it is
highly recommended to use a proxy, such as [[https://github.com/evolvingweb/ajax-solr/wiki/Solr-proxies|one
of these]].
  
  <<TableOfContents>>
  

Mime
View raw message