Jan - we don't really need any security for our products, nor for most clients. However, one client does deal with very sensitive data so we proposed to encrypt the transfer of data and the data on disk through a Lucene Directory. It won't fill all gaps but it would adhere to such a client's guidelines.
I think many approaches of security in Solr/Lucene would find advocates, be it index encryption or authentication/authorization or transport security, which is now possible. I understand the reluctance of the PMC, and i agree with it, but some users would definitately benefit and it would certainly make Solr/Lucene the search platform to use for some enterprises. Markus -----Original message----- > From:Henrique O. Santos <hensan...@gmail.com> > Sent: Thursday 12th March 2015 23:43 > To: solr-user@lucene.apache.org > Subject: Re: [Poll]: User need for Solr security > > Hi, > > I’m currently working with indexes that need document level security. Based > on the user logged in, query results would omit documents that this user > doesn’t have access to, with LDAP integration and such. > > I think that would be nice to have on a future Solr release. > > Henrique. > > > On Mar 12, 2015, at 7:32 AM, Jan Høydahl <jan....@cominvent.com> wrote: > > > > Hi, > > > > Securing various Solr APIs has once again surfaced as a discussion in the > > developer list. See e.g. SOLR-7236 > > Would be useful to get some feedback from Solr users about needs "in the > > field". > > > > Please reply to this email and let us know what security aspect(s) would be > > most important for your company to see supported in a future version of > > Solr. > > Examples: Local user management, AD/LDAP integration, SSL, authenticated > > login to Admin UI, authorization for Admin APIs, e.g. admin user vs > > read-only user etc > > > > -- > > Jan Høydahl, search solution architect > > Cominvent AS - www.cominvent.com > > > >
