You have to remember that Solr is search, not security, its not considered a great idea to have it publicly accessible. If you want a public instance any requests to your solr instance should be "proxied" by some interface between solr and the user.
e.g. user requests http://foobar.com/searchapi?k=foobar&userToken=123456789 and then that page will check the userToken and send the request to solr and return the result solr gives. -Nick On 10/25/07, Cool Coder <[EMAIL PROTECTED]> wrote: > Thanks. I am trying to implement some sort authentication mechanism in Solr. > This means each request will have a key which can authenticate whether the > request is authentic or not. And do you think, I need to still take care the > steps mentioned by you and why?? > > - BR > > "Wagner,Harry" <[EMAIL PROTECTED]> wrote: > One effective method is to block access to the port Solr runs on. Force > application access to come thru the HTTP server, and let it map to the > application server (i.e., like mod_jk does for for Apache & Tomcat). > Simple, but effective. > > Cheers! > harry > > -----Original Message----- > From: Cool Coder [mailto:[EMAIL PROTECTED] > Sent: Wednesday, October 24, 2007 12:17 PM > To: solr-user@lucene.apache.org > Subject: Solr and security > > Hi Group, > As far as I know, to use solr, we need to deploy it as a > server and communicate to solr using http protocol. How about its > security? i.e. how can we ensure that it only accepts request from > predefined set of users only. Is there any way we can specify this in > solr or solr depends only on web server security model. I am not sure > whether my interpretation is right? > Your suggestion/input? > > - BR > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com
