lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erick Erickson <erickerick...@gmail.com>
Subject Re: SOLR 4.0 / Jetty Security Set Up
Date Fri, 07 Sep 2012 05:00:33 GMT
Securing Solr pretty much universally requires that you only allow trusted
clients to access the machines directly, usually secured with a firewall
and allowed IP addresses, the admin handler is the least of your worries.

Consider if you let me ping solr directly, I can do something really
annoying like:
http://localhost:8983/solr/update?stream.body=<delete><query>office:Bridgewater</query></delete>

Best
Erick

On Wed, Sep 5, 2012 at 2:51 AM, Paul Codman <snoozeshop@gmail.com> wrote:
> First time Solr user and I am loving it! I have a standard Solr 4 set up
> running under Jetty. The instructions in the Wiki do not seem to apply to
> Solr 4 (eg mortbay references / section to uncomment not present in xml
> file / etc) - could someone please advise on steps required to secure Solr
> 4 and can someone confirm that security operates in relation to new Admin
> interface. Thanks in advance.

Mime
View raw message