Whichever way you run, I just want to remind people that if people have access to Solr, they can issue delete commands and - probably - bunch of other things.
If performance is not a critical aspect, I would look at isolating Solr in something like Docker container. Regards, Alex. Personal: http://www.outerthoughts.com/ and @arafalov Solr resources and newsletter: http://www.solr-start.com/ and @solrstart Solr popularizers community: https://www.linkedin.com/groups?gid=6713853 On 4 November 2014 12:02, Chris Hostetter <hossman_luc...@fucit.org> wrote: > > I am not a security expert, but in my opinion the safest way to run solr > "securely" is to forget all about usernames & passwords and instead use > SSL with client SSL certificates... > > https://cwiki.apache.org/confluence/display/solr/Enabling+SSL > > > > : Date: Tue, 4 Nov 2014 12:53:30 +0000 > : From: Shay Sofer <sha...@checkpoint.com> > : Reply-To: solr-user@lucene.apache.org > : To: "solr-user@lucene.apache.org" <solr-user@lucene.apache.org> > : Subject: Solr authentication > : > : Hi, > : > : I want that my Solr web connection will be protected by username and > password. > : > : When someone try to get to - 1.1.1.1:8983/Solr, he can do it only after > login (with known users). > : > : Is it possible ? > : > : Thanks, > : Shay. > : > > -Hoss > http://www.lucidworks.com/
