On 1/30/2015 1:07 PM, Roman Chyla wrote:
> There exists a new open-source implementation of a search interface for
> SOLR. It is written in Javascript (using Backbone), currently in version
> v1.0.19 - but new features are constantly coming. Rather than describing it
> in words, please see it in action for yourself at http://ui.adslabs.org -
> I'd recommend exploring facets, the query form, and visualizations.
> 
> The code lives at: http://github.com/adsabs/bumblebee

I have no wish to trivialize the work you've done.  I haven't looked
into the code, but a high-level glance at the documentation suggests
that you've put a lot of work into it.

I do however have a strong caveat for your users.  I'm the guy holding
the big sign that says "the end is near" to anyone who will listen!

By itself, this is an awesome tool for prototyping, but without some
additional expertise and work, there are severe security implications.

If this gets used for a public Internet facing service, the Solr server
must be accessible from the end user's machine, which might mean that it
must be available to the entire Internet.

If the Solr server is not sitting behind some kind of intelligent proxy
that can detect and deny attempts to access certain parts of the Solr
API, then Solr will be wide open to attack.  A knowledgeable user that
has unfiltered access to a Solr server will be able to completely delete
the index, change any piece of information in the index, or send denial
of service queries that will make it unable to respond to legitimate
traffic.

Setting up such a proxy is not a trivial task.  I know that some people
have done it, but so far I have not seen anyone share those
configurations.  Even with such a proxy, it might still be possible to
easily send denial of service queries.

I cannot find any information in your README or the documentation links
that mentions any of these concerns.  I suspect that many who
incorporate this client into their websites will be unaware that their
setup may be insecure, or how to protect it.

Thanks,
Shawn

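The kind of "intelligent proxy" check described in the message above, as an added example that is not part of the mailing-list thread or of the bumblebee project. It is a default-deny allowlist for requests that a browser client would be permitted to send on to Solr: only GET, only the /select handler of one core (the core name "collection1" and the parameter allowlist are hypothetical choices for this example), only known parameters, and with the parameters that let a caller re-route or fan out a request (qt, shards, shards.qt, stream.body, stream.url) rejected by name so the reason is explicit. The rows/start caps only blunt the simplest denial-of-service queries; as the message notes, a proxy on its own does not stop every expensive query.

```python
"""Allowlist filter for a Solr front proxy.

Added example, not code from the thread or from the bumblebee project.
Assumptions (hypothetical, chosen for this example):
  * the only core the browser may query is "collection1", via /select;
  * only GET is permitted, so /update, /admin/* and POSTed updates never
    reach Solr at all;
  * request parameters are allowlisted; parameters that re-route a request
    to another handler (qt) or make Solr fetch from elsewhere
    (shards, shards.qt, stream.body, stream.url) are rejected by name;
  * rows/start/query length are capped as a partial DoS mitigation.
"""
from urllib.parse import urlparse, parse_qsl

ALLOWED_CORE = "collection1"                       # assumption
ALLOWED_PATH = f"/solr/{ALLOWED_CORE}/select"
ALLOWED_PARAMS = {
    "q", "fq", "fl", "sort", "start", "rows", "wt",
    "facet", "facet.field", "facet.limit", "hl", "hl.fl",
}
# Rejected explicitly (the allowlist would drop them anyway) so the
# proxy can log a precise reason.
DENIED_PARAMS = {"qt", "shards", "shards.qt", "stream.body", "stream.url"}
ALLOWED_WRITERS = {"json", "xml"}                 # response writers we serve
MAX_ROWS = 100
MAX_START = 10_000
MAX_QUERY_LEN = 1_000


def check_solr_request(method: str, target: str):
    """Decide whether one request (method + request-target) may be
    forwarded to Solr. Returns (allowed, reason)."""
    if method != "GET":
        return False, f"method {method} not allowed"
    url = urlparse(target)
    if url.path != ALLOWED_PATH:
        return False, f"path {url.path} not allowed"
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in DENIED_PARAMS or name.startswith("shards."):
            return False, f"parameter {name} is denied"
        if name not in ALLOWED_PARAMS:
            return False, f"parameter {name} is not allowlisted"
        if name in ("rows", "start"):
            if not value.isdigit():
                return False, f"{name} must be a non-negative integer"
            limit = MAX_ROWS if name == "rows" else MAX_START
            if int(value) > limit:
                return False, f"{name}={value} exceeds cap {limit}"
        elif name == "wt" and value not in ALLOWED_WRITERS:
            return False, f"response writer {value} not allowed"
        elif name == "q" and len(value) > MAX_QUERY_LEN:
            return False, "query too long"
    return True, "ok"


# Constructed sample requests (not captured traffic) exercising each branch.
SAMPLES = [
    ("GET", "/solr/collection1/select?q=title:solr&rows=10&wt=json"),
    ("POST", "/solr/collection1/update?commit=true"),
    ("GET", "/solr/collection1/update?stream.body=<delete><query>*:*"
            "</query></delete>&commit=true"),
    ("GET", "/solr/collection1/select?q=*:*&qt=/update"),
    ("GET", "/solr/collection1/select?q=*:*&shards=attacker.example:8983/solr"),
    ("GET", "/solr/collection1/select?q=*:*&rows=1000000"),
    ("GET", "/solr/admin/cores?action=UNLOAD&core=collection1"),
]

if __name__ == "__main__":
    for method, target in SAMPLES:
        allowed, reason = check_solr_request(method, target)
        print(f"{'ALLOW' if allowed else 'DENY ':5} {method} {target} ({reason})")
```

Wire `check_solr_request` in front of whatever forwards to Solr (an nginx `location` with an `auth_request` hook, a small WSGI app, or the proxy's own request filter); anything it denies should be answered locally and logged, never passed through. Keep the allowlist tied to what the client actually uses, and review it whenever the client starts sending a new parameter.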