On Sep 24, 2006, at 3:09 PM, Bertrand Delacretaz wrote:
On 9/24/06, Erik Hatcher <[EMAIL PROTECTED]> wrote:
...perhaps some authentication/
authorization as well as HTTPS should eventually make it into the
core, but getting more fine grained is unnecessary...
If meaningful URLs are used (admin/stats, admin/config,
admin/analysis, etc.), it is relatively easy to use either the servlet
container or something like mod_proxy to implement security. Designing
a good URL scheme might remove the need to address security concerns
at the Solr level.
Agreed. Perhaps the Solr servlet should use the path information for
selecting the request handler: /solr/search/standard, /solr/search/
mlt, /solr/search/dismax, etc.
And a /admin, /stats, and/or a /tools paths would be a good
separation. /tools/analyzer, /stats/cache...
Erik
