lucene-solr-user mailing list archives

From "Robert Petersen" <rober...@buy.com>
Subject RE: Questions about Solr's security
Date Thu, 03 Nov 2011 20:38:55 GMT
Me too!

-----Original Message-----
From: Walter Underwood [mailto:wunder@wunderwood.org] 
Sent: Tuesday, November 01, 2011 1:02 PM
To: solr-user@lucene.apache.org
Subject: Re: Questions about Solr's security

I once had to deal with a severe performance problem caused by a bot
that was requesting results starting at 5000. We disallowed requests
over a certain number of pages in the front end to fix it.

wunder

On Nov 1, 2011, at 12:57 PM, Erik Hatcher wrote:

> Be aware that even /select could have some harmful effects, see
> https://issues.apache.org/jira/browse/SOLR-2854 (addressed on trunk).
> 
> Even disregarding that issue, /select is a potential gateway to any
> request handler defined via /select?qt=/req_handler
> 
> Again, in general it's not a good idea to expose Solr to anything but
> a controlled app server.
> 
> 	Erik
> 
> On Nov 1, 2011, at 15:51 , Alireza Salimi wrote:
> 
>> What if we just expose '/select' paths - by firewalls and load balancers -
>> and also use SSL and HTTP basic or digest access control?
>> 
>> On Tue, Nov 1, 2011 at 2:20 PM, Chris Hostetter
>> <hossman_lucene@fucit.org> wrote:
>> 
>>> 
>>> : I was wondering if it's a good idea to expose Solr to the outside world,
>>> : so that our clients running on smart phones will be able to use Solr.
>>> 
>>> As a general rule of thumb, i would say that it is not a good idea to
>>> expose solr directly to the public internet.
>>> 
>>> there are exceptions to this rule -- AOL hosted some live solr instances
>>> of the Sarah Palin emails for HufPo -- but it is definitely an expert
>>> level type thing for people who are so familiar with solr they know
>>> exactly what to lock down to make it "safe"
>>> 
>>> for typical users: put an application between your untrusted users and
>>> solr and only let that application generate "safe" well-formed requests to
>>> Solr...
>>> 
>>> https://wiki.apache.org/solr/SolrSecurity
>>> 
>>> 
>>> -Hoss
>>> 
>> 
>> 
>> 
>> -- 
>> Alireza Salimi
>> Java EE Developer
> 

--
Walter Underwood
Venture Asst. Scoutmaster
Troop 14, Palo Alto, CA
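
Added example, not part of the original thread or of Solr: a sketch of the "application between your untrusted users and Solr" advice, combining the page-depth cap described by Walter with the `qt` concern raised by Erik. The internal URL, the limits, the client parameter names (`page`, `per_page`) and the sortable fields are assumptions.

```python
from urllib.parse import urlencode

# Assumed values, not from the thread: internal URL, limits, sortable fields.
SOLR_SELECT = "http://solr.internal:8983/solr/select"
MAX_ROWS = 50   # largest page size forwarded to Solr
MAX_PAGE = 20   # deepest page the front end will serve
ALLOWED_SORTS = {"score desc", "price asc", "price desc"}


class RejectedRequest(ValueError):
    """The client request must not be forwarded to Solr."""


def _to_int(value, default, name):
    if value is None:
        return default
    try:
        return int(value)
    except (TypeError, ValueError):
        raise RejectedRequest(f"{name} must be an integer")


def build_solr_params(client_params):
    """Map untrusted client parameters onto a fixed set of Solr parameters.

    Nothing is copied through by name, so qt (and every other Solr
    parameter the client sends) never reaches /select.
    """
    q = (client_params.get("q") or "").strip()
    if not q or len(q) > 200:
        raise RejectedRequest("q is required, at most 200 characters")
    page = _to_int(client_params.get("page"), 1, "page")
    per_page = _to_int(client_params.get("per_page"), 10, "per_page")
    if not 1 <= page <= MAX_PAGE:
        raise RejectedRequest(f"page must be between 1 and {MAX_PAGE}")
    if per_page < 1:
        raise RejectedRequest("per_page must be at least 1")
    rows = min(per_page, MAX_ROWS)
    params = {"q": q, "start": (page - 1) * rows, "rows": rows, "wt": "json"}
    sort = client_params.get("sort")
    if sort in ALLOWED_SORTS:  # unknown sort values are dropped, not forwarded
        params["sort"] = sort
    return params


def build_solr_url(client_params):
    """URL the application server itself requests; clients never see it."""
    return SOLR_SELECT + "?" + urlencode(build_solr_params(client_params))
```

The `q` value is still interpreted by Solr's query parser, so this covers handler selection and deep paging, the two issues raised in the thread, not query syntax.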
