Re: Need feedback on solr security

2010-02-22 Thread Jan Høydahl / Cominvent
Hi, Does "open for public" mean end users through browser or web sites through API? In either case you should have a front end proxying the traffic through to Solr, which explicitly allows only parameters that you allow. -- Jan Høydahl - search architect Cominvent AS - www.cominvent.com On 17.

Re: Need feedback on solr security

2010-02-17 Thread Gora Mohanty
On Wed, 17 Feb 2010 10:13:46 -0400 "Fuad Efendi" wrote: > > You could set a firewall that forbid any connection to your > > Solr's server port to everyone, except the computer that host > > your application that connect to Solr. > > So, only your application will be able to connect to Solr. > >

RE: Need feedback on solr security

2010-02-17 Thread Fuad Efendi
For Making by solr admin password protected, I had used the Path Based Authentication form http://wiki.apache.org/solr/SolrSecurity. In this way my admin area,search,delete,add to index is protected.But Now when I make solr authenticated then for every update/delete f

RE: Need feedback on solr security

2010-02-17 Thread Fuad Efendi
> You could set a firewall that forbid any connection to your Solr's > server port to everyone, except the computer that host your application > that connect to Solr. > So, only your application will be able to connect to Solr. I believe firewalling is the only possible solution since SOLR doesn'

Re: Need feedback on solr security

2010-02-17 Thread Xavier Schepler
Xavier Schepler wrote: Vijayant Kumar wrote: Hi Xavier, Thanks for your feedback the firewall rule for the trusted IP is not fessiable for us because the application is open for public so we can not work through IP banning. Vijayant Kumar wrote: Hi Group, I need some feedback on solr

Re: Need feedback on solr security

2010-02-17 Thread Xavier Schepler
Vijayant Kumar wrote: Hi Xavier, Thanks for your feedback the firewall rule for the trusted IP is not fessiable for us because the application is open for public so we can not work through IP banning. Vijayant Kumar wrote: Hi Group, I need some feedback on solr security. For Making

Re: Need feedback on solr security

2010-02-17 Thread Vijayant Kumar
Hi Xavier, Thanks for your feedback the firewall rule for the trusted IP is not fessiable for us because the application is open for public so we can not work through IP banning. > Vijayant Kumar wrote: >> Hi Group, >> >> I need some feedback on solr security. >> >> For Making by solr admin passw

Re: Need feedback on solr security

2010-02-17 Thread Xavier Schepler
Vijayant Kumar wrote: Hi Group, I need some feedback on solr security. For Making by solr admin password protected, I had used the Path Based Authentication form http://wiki.apache.org/solr/SolrSecurity. In this way my admin area,search,delete,add to index is protected.But Now when I make s