lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erick Erickson <erickerick...@gmail.com>
Subject Re: Admin Login
Date Sun, 16 Aug 2015 03:57:27 GMT
Scott:

You better not even let them access Solr directly.

http://server:port/solr/admin/collections?ACTION=delete&name=collection.....

Try it sometime.... on a collection that's not important ;)

But as Walter said, that'd be similar to allowing end users
unrestricted access to
a SOL database, that Solr URL is akin to "drop database".....

Or, if you've locked down the admin stuff,

http://solr:port/solr/collection/update?commit=true&stream.body=<delete><query>*:*</query></delete>

Best
Erick

On Sat, Aug 15, 2015 at 6:57 PM, Scott Derrick <scott@tnstaafl.net> wrote:
> Walter,
>
> actually that explains it perfectly!  I will move behind my apache server...
>
> thanks,
>
> Scott
>
>
> On 8/15/2015 6:15 PM, Walter Underwood wrote:
>>
>> No one runs a public-facing Solr server. Just like no one runs a
>> public-facing MySQL server.
>>
>> wunder
>> Walter Underwood
>> wunder@wunderwood.org
>> http://observer.wunderwood.org/  (my blog)
>>
>>
>> On Aug 15, 2015, at 4:15 PM, Scott Derrick <scott@tnstaafl.net> wrote:
>>
>>> I'm somewhat puzzled there is no built in security.  I can't image
>>> anybody is running a public facing solr server with the admin page wide
>>> open?
>>>
>>> I've searched and haven't found any solutions that work out of the box.
>>>
>>> I've tried the solutions here to no avail.
>>> https://wiki.apache.org/solr/SolrSecurity
>>>
>>> and here.  http://wiki.eclipse.org/Jetty/Tutorial/Realms
>>>
>>> The Solr security docs say to use the application server and if I could
>>> run it on my tomcat server I would already be done.  But I'm told I can't do
>>> that?
>>>
>>> What solutions are people using?
>>>
>>> Scott
>>>
>>> --
>>> Leave no stone unturned.
>>> Euripides
>>
>>
>
>
> ---
> This email has been checked for viruses by Avast antivirus software.
> https://www.avast.com/antivirus
>

Mime
View raw message