Re: escaping characters and security

2007-11-06 Thread Micah Wedemeyer
Thanks. That's what I wanted to know.

Micah

Walter Underwood wrote:
> Also, this page has a list of special characters that you may want
> to escape:
>
> http://lucene.apache.org/java/docs/queryparsersyntax.html
>
> wunder
>
> On 11/6/07 9:15 AM, "Walter Underwood" <[EMAIL PROTECTED]> wrote

Re: escaping characters and security

2007-11-06 Thread Walter Underwood
Also, this page has a list of special characters that you may want
to escape:

http://lucene.apache.org/java/docs/queryparsersyntax.html

wunder

On 11/6/07 9:15 AM, "Walter Underwood" <[EMAIL PROTECTED]> wrote:
> Solr queries can't do updates, so passing on raw user queries is OK.
>
> Solr err

Re: escaping characters and security

2007-11-06 Thread Walter Underwood
Solr queries can't do updates, so passing on raw user queries is OK.

Solr errors for bad query syntax are not pretty, so you will want to
catch those and print a real error message.

wunder

On 11/6/07 8:52 AM, "Micah Wedemeyer" <[EMAIL PROTECTED]> wrote:
> Are there any security risks to passing

Re: escaping characters and security

2007-11-06 Thread Thorsten Scherler
On Tue, 2007-11-06 at 11:52 -0500, Micah Wedemeyer wrote:
> Are there any security risks to passing a query directly to Solr without
> doing any sort of escaping? I am using URL encoding, so '&' and such
> are being encoded into their %XX equivalents.
>
> Still, should I be doing anything else?

escaping characters and security

2007-11-06 Thread Micah Wedemeyer
Are there any security risks to passing a query directly to Solr without
doing any sort of escaping? I am using URL encoding, so '&' and such
are being encoded into their %XX equivalents.

Still, should I be doing anything else? Is there such a thing as a
Solr-injection attack?

Thanks,
Micah
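
An added example, not part of the thread: one way to backslash-escape the Lucene query-parser special characters (the list on the syntax page linked above) before placing user text into a Solr `q` parameter, with URL encoding applied afterwards. The function names, the field name `title` and the base URL are assumptions, and the sample input is constructed.

```python
import re
from urllib.parse import urlencode

# Query-parser syntax characters from the Lucene syntax page:
#   + - && || ! ( ) { } [ ] ^ " ~ * ? : \
# '&' and '|' are escaped singly, which also covers '&&' and '||'.
_SPECIAL = re.compile(r'([+\-&|!(){}\[\]^"~*?:\\])')


def escape_lucene_term(text):
    """Backslash-escape every query-syntax character in user text."""
    return _SPECIAL.sub(r'\\\1', text)


def build_select_url(base_url, field, user_text):
    """Scope the escaped text to one field, then URL-encode it.

    Escaping handles Lucene syntax; urlencode handles HTTP syntax
    ('&', '+', '=' ...). Escape first, encode second.
    The words AND / OR / NOT are not characters and stay operators,
    but the parentheses keep them inside the chosen field.
    """
    q = '%s:(%s)' % (field, escape_lucene_term(user_text))
    return base_url + '?' + urlencode({'q': q})


if __name__ == '__main__':
    # Constructed sample input; URL and field name are assumptions.
    raw = 'c++ (draft) & id:*'
    print(escape_lucene_term(raw))
    print(build_select_url('http://localhost:8983/solr/select', 'title', raw))
```
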