Nice work Roman!

Lukas

On Sat, Jan 31, 2015 at 4:36 AM, Roman Chyla <roman.ch...@gmail.com> wrote:

> I gather from your comment that I should update readme, because there could
> be people who would be inclined to use bumblebee development server in
> production: Beware those who enter through this gate! :-)
>
> Your point, that so far you haven't seen anybody share their middle layer
> can be addressed by pointing to the following projects:
>
> https://github.com/adsabs/solr-service
> https://github.com/adsabs/adsws
>
> These are also open source, we use them in production, and have oauth,
> microservices, rest, and rate limits, we know it is not perfect, but what
> is? ;-) pull requests welcome!
>
> Thanks,
>
> Roman
>
> On 30 Jan 2015 21:51, "Shawn Heisey" <apa...@elyograg.org> wrote:
>
> > On 1/30/2015 1:07 PM, Roman Chyla wrote:
> > > There exists a new open-source implementation of a search interface for
> > > SOLR. It is written in Javascript (using Backbone), currently in version
> > > v1.0.19 - but new features are constantly coming. Rather than describing it
> > > in words, please see it in action for yourself at http://ui.adslabs.org -
> > > I'd recommend exploring facets, the query form, and visualizations.
> > >
> > > The code lives at: http://github.com/adsabs/bumblebee
> >
> > I have no wish to trivialize the work you've done. I haven't looked
> > into the code, but a high-level glance at the documentation suggests
> > that you've put a lot of work into it.
> >
> > I do however have a strong caveat for your users. I'm the guy holding
> > the big sign that says "the end is near" to anyone who will listen!
> >
> > By itself, this is an awesome tool for prototyping, but without some
> > additional expertise and work, there are severe security implications.
> >
> > If this gets used for a public Internet facing service, the Solr server
> > must be accessible from the end user's machine, which might mean that it
> > must be available to the entire Internet.
> >
> > If the Solr server is not sitting behind some kind of intelligent proxy
> > that can detect and deny attempts to access certain parts of the Solr
> > API, then Solr will be wide open to attack. A knowledgeable user that
> > has unfiltered access to a Solr server will be able to completely delete
> > the index, change any piece of information in the index, or send denial
> > of service queries that will make it unable to respond to legitimate
> > traffic.
> >
> > Setting up such a proxy is not a trivial task. I know that some people
> > have done it, but so far I have not seen anyone share those
> > configurations. Even with such a proxy, it might still be possible to
> > easily send denial of service queries.
> >
> > I cannot find any information in your README or the documentation links
> > that mentions any of these concerns. I suspect that many who
> > incorporate this client into their websites will be unaware that their
> > setup may be insecure, or how to protect it.
> >
> > Thanks,
> > Shawn
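
An added example, not part of the thread and not code from bumblebee, solr-service or adsws: a minimal allowlist check of the kind a proxy in front of Solr, as described in the quoted message, could apply before forwarding a request. The handler path pattern, the parameter allowlist and the limits are assumptions chosen for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed policy, not from the thread: read-only search on one handler.
ALLOWED_PATH = re.compile(r"^/solr/[A-Za-z0-9_-]+/select$")
ALLOWED_PARAMS = {"q", "fq", "fl", "sort", "start", "rows", "wt",
                  "facet", "facet.field", "facet.limit", "facet.mincount"}
LIMITS = {"rows": 100, "start": 10_000}   # caps on paging parameters
MAX_VALUE_CHARS = 1_000                   # cap on any single parameter value


def check_request(method, url):
    """Return (allowed, reason) for a request the proxy is asked to forward."""
    if method.upper() != "GET":
        return False, "method not allowed"
    parts = urlsplit(url)
    # Refuse encoded paths outright rather than trying to normalize them.
    if "%" in parts.path or not ALLOWED_PATH.match(parts.path):
        return False, "path not allowed"
    try:
        pairs = parse_qsl(parts.query, keep_blank_values=True,
                          strict_parsing=True, max_num_fields=50)
    except ValueError:
        return False, "malformed query string"
    seen = {}
    for name, value in pairs:
        if name not in ALLOWED_PARAMS:
            return False, f"parameter not allowed: {name}"
        if len(value) > MAX_VALUE_CHARS:
            return False, f"value too long: {name}"
        seen.setdefault(name, []).append(value)
    if len(seen.get("q", [])) != 1:
        return False, "exactly one q required"
    for name, limit in LIMITS.items():
        for value in seen.get(name, []):
            if not re.fullmatch(r"[0-9]{1,6}", value) or int(value) > limit:
                return False, f"{name} out of range"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    for method, url in [
        ("GET", "/solr/collection1/select?q=star&rows=10"),
        ("GET", "/solr/collection1/select?q=star&rows=1000000"),
        ("GET", "/solr/collection1/update?commit=true"),
    ]:
        print(method, url, "->", check_request(method, url))
```

The check does not look inside `q`, so an expensive query can still pass; that is the residual denial-of-service risk noted in the quoted message.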