lucene-solr-user mailing list archives

From Scott Derrick <sc...@tnstaafl.net>
Subject Re: Admin Login
Date Sun, 16 Aug 2015 12:58:08 GMT
Erick,

After Walter's reply I started thinking along the lines you mentioned and 
realized the folly of doing that!

Scott


On 8/15/2015 9:57 PM, Erick Erickson wrote:
> Scott:
>
> You better not even let them access Solr directly.
>
> http://server:port/solr/admin/collections?ACTION=delete&name=collection.....
>
> Try it sometime.... on a collection that's not important ;)
>
> But as Walter said, that'd be similar to allowing end users
> unrestricted access to a SQL database, that Solr URL is akin to
> "drop database".....
>
> Or, if you've locked down the admin stuff,
>
> http://solr:port/solr/collection/update?commit=true&stream.body=<delete><query>*:*</query></delete>
>
> Best
> Erick
>
> On Sat, Aug 15, 2015 at 6:57 PM, Scott Derrick <scott@tnstaafl.net> wrote:
>> Walter,
>>
>> actually that explains it perfectly!  I will move behind my apache server...
>>
>> thanks,
>>
>> Scott
>>
>>
>> On 8/15/2015 6:15 PM, Walter Underwood wrote:
>>> No one runs a public-facing Solr server. Just like no one runs a
>>> public-facing MySQL server.
>>>
>>> wunder
>>> Walter Underwood
>>> wunder@wunderwood.org
>>> http://observer.wunderwood.org/  (my blog)
>>>
>>>
>>> On Aug 15, 2015, at 4:15 PM, Scott Derrick <scott@tnstaafl.net> wrote:
>>>
>>>> I'm somewhat puzzled there is no built-in security.  I can't imagine
>>>> anybody is running a public-facing Solr server with the admin page wide
>>>> open?
>>>>
>>>> I've searched and haven't found any solutions that work out of the box.
>>>>
>>>> I've tried the solutions here to no avail.
>>>> https://wiki.apache.org/solr/SolrSecurity
>>>>
>>>> and here.  http://wiki.eclipse.org/Jetty/Tutorial/Realms
>>>>
>>>> The Solr security docs say to use the application server and if I could
>>>> run it on my tomcat server I would already be done.  But I'm told I can't
>>>> do that?
>>>>
>>>> What solutions are people using?
>>>>
>>>> Scott
>>>>
>>>> --
>>>> Leave no stone unturned.
>>>> Euripides
>>>
>>


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
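
Added example, not part of the thread and not Solr's or Apache's own code: a sketch of the allowlist a front end placed between users and Solr could apply, so that only read-only queries against a named collection are forwarded. The collection name, parameter list, row cap and host name are assumptions; the sample URLs in the test are constructed from the two requests quoted in the thread.

```python
from urllib.parse import urlsplit, parse_qs

# Assumptions for this sketch (none of these values come from the thread).
ALLOWED_COLLECTIONS = {"articles"}
ALLOWED_PARAMS = {"q", "fq", "start", "rows", "sort", "fl", "wt"}
MAX_ROWS = 100

# Exact, undecoded paths that may be forwarded: /solr/<collection>/select only.
# Admin, collections and update handlers are never in this set.
ALLOWED_PATHS = {"/solr/%s/select" % c for c in ALLOWED_COLLECTIONS}


def check_request(method, url):
    """Return (allowed, reason) for a request about to be forwarded to Solr."""
    if method != "GET":
        return False, "method not allowed"

    parts = urlsplit(url)
    # Exact match on the raw path: encoded, doubled or dotted segments fail.
    if parts.path not in ALLOWED_PATHS:
        return False, "path not allowed"

    params = parse_qs(parts.query, keep_blank_values=True)
    # Allowlist, not denylist: any parameter not known to be safe is refused.
    extra = set(params) - ALLOWED_PARAMS
    if extra:
        return False, "parameter not allowed: " + ", ".join(sorted(extra))

    for value in params.get("rows", []):
        if not value.isdigit() or int(value) > MAX_ROWS:
            return False, "rows out of range"

    return True, "ok"


if __name__ == "__main__":
    base = "http://solr.example:8983"  # constructed host
    for u in (
        base + "/solr/articles/select?q=title:solr&rows=10",
        base + "/solr/admin/collections?ACTION=delete&name=articles",
        base + "/solr/articles/update?commit=true"
               "&stream.body=<delete><query>*:*</query></delete>",
    ):
        print(check_request("GET", u), u)
```

Solr itself should still listen only on an internal interface, so that the front end is the only path to it.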

