About <1>. Gotta be careful here about what would be promised. You
really _can't_ encrypt the _indexed_ terms in a meaningful way and
still search. And, as you well know, you can reconstruct documents
from the indexed terms. It's lossy, but still coherent enough to give
security folks fits.

For instance, to do a wildcard search I need to have the "run" in
"run" match "running", "runner", "runs" etc. Any but trivial encryption
will break that, and the trivial encryption is easy to break.

So putting all this over an encrypting filesystem is an approach
that's often used.

FWIW


On Thu, Mar 12, 2015 at 5:22 AM, Dmitry Kan <solrexp...@gmail.com> wrote:
> Hi,
>
> Things you have mentioned would be useful for our use-case.
>
> On top we've seen these two requests for securing Solr:
>
> 1. Encrypting the index (with a customer private key for instance). There
> are certainly other ways to go about this, like using virtual private
> clouds, but having the feature in solr could allow multitenant Solr
> installations.
>
> 2. ACLs: giving access rights to parts of the index / document sets
> depending on the user access rights.
>
>
>
> On Thu, Mar 12, 2015 at 1:32 PM, Jan Høydahl <jan....@cominvent.com> wrote:
>
>> Hi,
>>
>> Securing various Solr APIs has once again surfaced as a discussion in the
>> developer list. See e.g. SOLR-7236.
>> Would be useful to get some feedback from Solr users about needs "in the
>> field".
>>
>> Please reply to this email and let us know what security aspect(s) would
>> be most important for your company to see supported in a future version of
>> Solr.
>> Examples: Local user management, AD/LDAP integration, SSL, authenticated
>> login to Admin UI, authorization for Admin APIs, e.g. admin user vs
>> read-only user etc
>>
>> --
>> Jan Høydahl, search solution architect
>> Cominvent AS - www.cominvent.com
>>
>>
>
>
> --
> Dmitry Kan
> Luke Toolbox: http://github.com/DmitryKey/luke
> Blog: http://dmitrykan.blogspot.com
> Twitter: http://twitter.com/dmitrykan
> SemanticAnalyzer: www.semanticanalyzer.info
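
An added illustration of the point made in the top reply (not code from the thread or from Solr): a toy positional inverted index showing that a keyed deterministic token per term reduces `run*` to an exact match, that a per-character substitution keeps prefix matching, and that postings with positions are enough to rebuild a document. The sample documents, the key and all function names are constructed for this example.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample documents and key (assumptions, not from the thread).
DOCS = {1: "the runner runs while running", 2: "a run in the park"}
KEY = b"demo-key-constructed"

def plain(term):
    """No protection: terms are stored as-is."""
    return term

def hmac_token(term):
    """Keyed deterministic token: equal terms give equal tokens, nothing else survives."""
    return hmac.new(KEY, term.encode(), hashlib.sha256).hexdigest()

def caesar(term, shift=3):
    """'Trivial' per-character substitution (a-z only): prefixes survive, so does structure."""
    return "".join(chr((ord(c) - 97 + shift) % 26 + 97) for c in term)

def build_index(transform):
    """Positional inverted index: transformed term -> [(doc_id, position)]."""
    index = defaultdict(list)
    for doc_id, text in DOCS.items():
        for pos, term in enumerate(text.split()):
            index[transform(term)].append((doc_id, pos))
    return index

def prefix_search(index, transform, prefix):
    """Wildcard query `prefix*`: scan the term dictionary for the transformed prefix."""
    needle = transform(prefix)
    return sorted({d for t, posts in index.items()
                   if t.startswith(needle) for d, _ in posts})

def reconstruct(index, doc_id):
    """Rebuild a document's token stream from postings alone.
    No stemming or stop-word removal here, so the result is exact;
    a real analyzer chain would make it lossy."""
    slots = {pos: term for term, posts in index.items()
             for d, pos in posts if d == doc_id}
    return " ".join(slots[p] for p in sorted(slots))

if __name__ == "__main__":
    for name, fn in (("plain", plain), ("hmac", hmac_token), ("caesar", caesar)):
        print(name, "run* ->", prefix_search(build_index(fn), fn, "run"))
    print("rebuilt doc 1:", reconstruct(build_index(plain), 1))
```

With the keyed tokens, `run*` only finds the document containing the literal term "run"; the substitution cipher still answers the wildcard but is reversed by applying the inverse shift to the rebuilt token stream.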
