I'm trying to get my head around the architecture where Solr sits behind a firewall. Can someone tease this out for me? Is a JNDI context establishing the connection to the app server? I'm naïve in thinking how one talks to the Solr servlet behind a firewall.
I apologize up front for the naivety.

-Andrew

-----Original Message-----
From: Erik Hatcher [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 14, 2007 11:18 AM
To: solr-user@lucene.apache.org
Subject: Re: Restrict Servlet Access

On Mar 14, 2007, at 11:09 AM, Brian Whitman wrote:
>>
>> The recommendation is to firewall off Solr so only your
>> application server can access it. Solr is not at all designed
>> for direct client (browser, etc) access.
>
> Assuming you lock down update properly, what's the problem? We are
> currently using select directly through the XSLTResponseWriter
> right into a <div> via Ajax.Updater. Do you predict pain?

I don't predict pain really, but I don't want to see Solr get bogged down in having a lot of security-related code added to it. I do think it would be good for there to be some sort of capability to make Solr read-only in some form or another, such that an indexer could still work from an authorized environment.

Exposing Solr directly to a client does have appeal in the way you're doing it, but it also allows the possibility of hackers tinkering with it and perhaps requesting things they shouldn't. For example, we index tags and annotations, and only a logged in user can see their own annotations, so exposing Solr directly would subvert that protection.

Erik
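
Added example, not part of the thread and not code from Solr or from any poster: a sketch of the application-server layer the thread describes, which takes a browser's search request, keeps only a few parameters, and attaches a per-user filter before calling Solr over plain HTTP on the internal network. The internal URL and the `visibility` and `owner` field names are assumptions made for illustration.

```python
from urllib.parse import urlencode

# Hypothetical values: internal address reachable only from the app server.
SOLR_SELECT_URL = "http://solr.internal:8983/solr/select"
MAX_ROWS = 50


def _phrase(value):
    """Quote a value as a Solr phrase so it cannot break out of the filter."""
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'


def _bounded_int(raw, default, upper):
    """Parse a client-supplied integer and clamp it to [0, upper]."""
    try:
        return max(0, min(int(raw), upper))
    except (TypeError, ValueError):
        return default


def build_solr_params(client_params, session_user=None):
    """Build the parameter list the app server sends to Solr.

    Only q, start and rows come from the client; anything else it sent
    (fq, qt, wt, ...) is dropped. The filter query is derived from the
    server-side session, never from the request, and Solr intersects it
    with q, so q cannot widen the result set.
    """
    q = str(client_params.get("q", "")).strip()
    if not q:
        raise ValueError("missing q")
    if session_user:
        # Hypothetical schema: every document carries visibility and owner.
        fq = "visibility:public OR owner:" + _phrase(session_user)
    else:
        fq = "visibility:public"
    return [
        ("q", q),
        ("start", _bounded_int(client_params.get("start"), 0, 10_000)),
        ("rows", _bounded_int(client_params.get("rows"), 10, MAX_ROWS)),
        ("fq", fq),
    ]


def build_solr_url(client_params, session_user=None):
    """Return the URL the app server fetches on the client's behalf."""
    return SOLR_SELECT_URL + "?" + urlencode(
        build_solr_params(client_params, session_user))
```
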