Erik,
After Walters reply I started thinking along the lines you mentioned and
realized the folly of doing that!
Scott
On 8/15/2015 9:57 PM, Erick Erickson wrote:
Scott:
You better not even let them access Solr directly.
http://server:port/solr/admin/collections?ACTION=delete&name=collection.....
Try it sometime.... on a collection that's not important ;)
But as Walter said, that'd be similar to allowing end users
unrestricted access to
a SOL database, that Solr URL is akin to "drop database".....
Or, if you've locked down the admin stuff,
http://solr:port/solr/collection/update?commit=true&stream.body=<delete><query>*:*</query></delete>
Best
Erick
On Sat, Aug 15, 2015 at 6:57 PM, Scott Derrick <sc...@tnstaafl.net> wrote:
Walter,
actually that explains it perfectly! I will move behind my apache server...
thanks,
Scott
On 8/15/2015 6:15 PM, Walter Underwood wrote:
No one runs a public-facing Solr server. Just like no one runs a
public-facing MySQL server.
wunder
Walter Underwood
wun...@wunderwood.org
http://observer.wunderwood.org/ (my blog)
On Aug 15, 2015, at 4:15 PM, Scott Derrick <sc...@tnstaafl.net> wrote:
I'm somewhat puzzled there is no built in security. I can't image
anybody is running a public facing solr server with the admin page wide
open?
I've searched and haven't found any solutions that work out of the box.
I've tried the solutions here to no avail.
https://wiki.apache.org/solr/SolrSecurity
and here. http://wiki.eclipse.org/Jetty/Tutorial/Realms
The Solr security docs say to use the application server and if I could
run it on my tomcat server I would already be done. But I'm told I can't do
that?
What solutions are people using?
Scott
--
Leave no stone unturned.
Euripides
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
