Subject: Re: Admin Login
To: solr-user@lucene.apache.org
From: Scott Derrick
Date: Sun, 16 Aug 2015 06:58:08 -0600

Erick,

After Walter's reply I started thinking along the lines you mentioned and realized the folly of doing that!

Scott

On 8/15/2015 9:57 PM, Erick Erickson wrote:
> Scott:
>
> You better not even let them access Solr directly.
>
> http://server:port/solr/admin/collections?ACTION=delete&name=collection.....
>
> Try it sometime.... on a collection that's not important ;)
>
> But as Walter said, that'd be similar to allowing end users
> unrestricted access to
> a SQL database, that Solr URL is akin to "drop database".....
>
> Or, if you've locked down the admin stuff,
>
> http://solr:port/solr/collection/update?commit=true&stream.body=*:*
>
> Best
> Erick
>
> On Sat, Aug 15, 2015 at 6:57 PM, Scott Derrick wrote:
>> Walter,
>>
>> actually that explains it perfectly! I will move behind my apache server...
>>
>> thanks,
>>
>> Scott
>>
>>
>> On 8/15/2015 6:15 PM, Walter Underwood wrote:
>>> No one runs a public-facing Solr server. Just like no one runs a
>>> public-facing MySQL server.
>>>
>>> wunder
>>> Walter Underwood
>>> wunder@wunderwood.org
>>> http://observer.wunderwood.org/ (my blog)
>>>
>>>
>>> On Aug 15, 2015, at 4:15 PM, Scott Derrick wrote:
>>>
>>>> I'm somewhat puzzled there is no built in security. I can't imagine
>>>> anybody is running a public facing solr server with the admin page wide
>>>> open?
>>>>
>>>> I've searched and haven't found any solutions that work out of the box.
>>>>
>>>> I've tried the solutions here to no avail.
>>>> https://wiki.apache.org/solr/SolrSecurity
>>>>
>>>> and here. http://wiki.eclipse.org/Jetty/Tutorial/Realms
>>>>
>>>> The Solr security docs say to use the application server and if I could
>>>> run it on my tomcat server I would already be done. But I'm told I can't do
>>>> that?
>>>>
>>>> What solutions are people using?
>>>>
>>>> Scott
>>>>
>>>> --
>>>> Leave no stone unturned.
>>>> Euripides
>>>
>>
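
The thread's conclusion is that Solr sits behind a front end and is never reached directly. As an added example (not code from the thread or from the Solr project), this is the kind of allowlist check such a front end can apply before forwarding a request; the collection name "articles", the permitted parameter set and the row limit are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumptions (not from the thread): one public collection named "articles",
# reachable only through a front end that forwards GETs to its /select handler.
ALLOWED_PATHS = {"/solr/articles/select"}
ALLOWED_PARAMS = {"q", "fq", "start", "rows", "fl", "sort"}
MAX_ROWS = 100


def check_request(method, target):
    """Return (allowed, reason) for a request target the front end received."""
    if method.upper() != "GET":
        return False, "method not allowed"
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        return False, "absolute target"
    # Refuse encoded or relative path segments rather than normalising them.
    if "%" in parts.path or ".." in parts.path or "//" in parts.path:
        return False, "suspicious path"
    if parts.path not in ALLOWED_PATHS:
        return False, "path not allowlisted"
    seen = set()
    # parse_qsl percent-decodes names, so "stream%2Ebody" is seen as "stream.body".
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in ALLOWED_PARAMS:
            return False, "parameter not allowlisted: " + name
        if name in seen and name != "fq":
            return False, "duplicate parameter: " + name
        seen.add(name)
        if name in ("start", "rows"):
            if not re.fullmatch(r"[0-9]{1,6}", value):
                return False, "non-numeric " + name
            if name == "rows" and int(value) > MAX_ROWS:
                return False, "rows too large"
    return True, "ok"


# Constructed sample requests; the rejected paths mirror the URLs quoted in the thread.
SAMPLES = [
    ("GET", "/solr/articles/select?q=title:solr&rows=10"),
    ("GET", "/solr/admin/collections?ACTION=delete&name=demo"),
    ("GET", "/solr/articles/update?commit=true&stream.body=x"),
    ("GET", "/solr/articles/select?q=solr&stream%2Ebody=x"),
]

if __name__ == "__main__":
    for method, target in SAMPLES:
        print(method, target, "->", check_request(method, target))
```

The check is an allowlist on purpose: anything not named is refused, so a handler or parameter added to Solr later stays unreachable until someone decides to expose it.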