lucene-solr-user mailing list archives

From Micah Wedemeyer <mwed...@emory.edu>
Subject Re: escaping characters and security
Date Tue, 06 Nov 2007 19:52:55 GMT
Thanks.  That's what I wanted to know.

Micah

Walter Underwood wrote:
> Also, this page has a list of special characters that you may want
> to escape:
> 
>   http://lucene.apache.org/java/docs/queryparsersyntax.html
> 
> wunder
> 
> On 11/6/07 9:15 AM, "Walter Underwood" <wunderwood@netflix.com> wrote:
> 
>> Solr queries can't do updates, so passing on raw user queries is OK.
>>
>> Solr errors for bad query syntax are not pretty, so you will want to
>> catch those and print a real error message.
>>
>> wunder
>>
>> On 11/6/07 8:52 AM, "Micah Wedemeyer" <mwedeme@emory.edu> wrote:
>>
>>> Are there any security risks to passing a query directly to Solr without
>>> doing any sort of escaping?  I am using URL encoding, so '&' and such
>>> are being encoded into their %XX equivalents.
>>>
>>> Still, should I be doing anything else?  Is there such a thing as a
>>> Solr-injection attack?
>>>
>>> Thanks,
>>> Micah
> 
> 
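
Added example, not part of the original thread: one way a client could escape the special characters listed on the query parser syntax page before URL-encoding the query, so user text is matched literally instead of being read as query syntax. The endpoint URL, field name, function names and sample inputs are assumptions made for illustration.

```python
import re
from urllib.parse import urlencode

# Characters the Lucene query parser treats as syntax ('&' and '|' cover
# '&&' and '||'; '/' is special only in later Lucene versions).
_SPECIAL = re.compile(r'([+\-!(){}\[\]^"~*?:\\/&|])')

# Assumed endpoint for illustration; not from the thread.
SOLR_SELECT = "http://localhost:8983/solr/select"


def escape_term(text):
    """Backslash-escape query syntax so the text is matched literally."""
    return _SPECIAL.sub(r"\\\1", text)


def build_query(field, user_text):
    """Turn free text into field:("tok1" "tok2") with every token literal.

    Quoting each token also keeps the words AND, OR and NOT from being
    read as operators. `field` is chosen by the application, never by
    the user.
    """
    tokens = user_text.split()
    if not tokens:
        raise ValueError("empty query")
    clauses = " ".join('"%s"' % escape_term(t) for t in tokens)
    return "%s:(%s)" % (field, clauses)


def select_url(field, user_text):
    """URL-encode the finished query as the single q parameter."""
    return SOLR_SELECT + "?" + urlencode({"q": build_query(field, user_text)})


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ['title:secret OR *:*', 'x&rows=1000000', 'C++ (draft)']:
        print(select_url("title", sample))
```

Because the whole query travels as one encoded q value, an '&' typed by the user cannot add a second request parameter.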

