Solr queries can't do updates, so passing on raw user queries is OK. Solr errors for bad query syntax are not pretty, so you will want to catch those and print a real error message.
wunder On 11/6/07 8:52 AM, "Micah Wedemeyer" <[EMAIL PROTECTED]> wrote: > Are there any security risks to passing a query directly to Solr without > doing any sort of escaping? I am using URL encoding, so '&' and such > are being encoded into their %XX equivalents. > > Still, should I be doing anything else? Is there such a thing as a > Solr-injection attack? > > Thanks, > Micah
