Thank you so much shawn for correcting me. Yes we should use some firewall to avoid direct solr server access from application.
With Regards Aman Tandon On Sat, Mar 7, 2015 at 9:59 PM, Shawn Heisey <apa...@elyograg.org> wrote: > On 3/7/2015 8:36 AM, Aman Tandon wrote: > > As per your need i understand that, you want to show the open the new > page > > when user search query on home page and same query should appear on > search > > page along with search result. > > > > If i am right, then you can open another page using JavaScript and you > can > > use jquery to call the solr url returning the results of user query and > get > > the data in json format, parse the data and show it on search page. > > Assuming you're talking about javascript in the browser, this design > should be avoided. It requires direct access to Solr from the user's > browser. > > If that access is granted, and an intelligent proxy is not used in front > of Solr that can detect and deny any attempt to change the index or > access the admin UI, the end user (presumably the entire Internet) will > be able to delete or change the index. Even if an intelligent proxy is > used, the user might be able to construct denial of service queries that > will make the Solr server incapable of serving legitimate traffic. > > It is always better to keep Solr firewalled from user access and query > it from within a web application that only runs on the webserver. > > If access to this application (and the Solr server) will be restricted > by a firewall to only a small group of users that can be trusted, then > this design might be OK. > > Thanks, > Shawn > >
