Yes - adding to my post, I actually have a Python script that verifies that 
handleSelect="false" for each core's solrconfig.xml.

-----Original Message-----
From: Erick Erickson [mailto:erickerick...@gmail.com] 
Sent: Saturday, August 15, 2015 11:57 PM
To: solr-user@lucene.apache.org
Subject: Re: Admin Login

Scott:

You better not even let them access Solr directly.

http://server:port/solr/admin/collections?ACTION=delete&name=collection.....

Try it sometime.... on a collection that's not important ;)

But as Walter said, that'd be similar to allowing end users unrestricted access 
to a SQL database; that Solr URL is akin to "drop database".....

Or, if you've locked down the admin stuff,

http://solr:port/solr/collection/update?commit=true&stream.body=<delete><query>*:*</query></delete>

Best
Erick

On Sat, Aug 15, 2015 at 6:57 PM, Scott Derrick <sc...@tnstaafl.net> wrote:
> Walter,
>
> actually that explains it perfectly!  I will move behind my apache server...
>
> thanks,
>
> Scott
>
>
> On 8/15/2015 6:15 PM, Walter Underwood wrote:
>>
>> No one runs a public-facing Solr server. Just like no one runs a 
>> public-facing MySQL server.
>>
>> wunder
>> Walter Underwood
>> wun...@wunderwood.org
>> http://observer.wunderwood.org/  (my blog)
>>
>>
>> On Aug 15, 2015, at 4:15 PM, Scott Derrick <sc...@tnstaafl.net> wrote:
>>
>>> I'm somewhat puzzled there is no built-in security.  I can't imagine 
>>> anybody is running a public-facing Solr server with the admin page 
>>> wide open?
>>>
>>> I've searched and haven't found any solutions that work out of the box.
>>>
>>> I've tried the solutions here to no avail.
>>> https://wiki.apache.org/solr/SolrSecurity
>>>
>>> and here.  http://wiki.eclipse.org/Jetty/Tutorial/Realms
>>>
>>> The Solr security docs say to use the application server and if I 
>>> could run it on my tomcat server I would already be done.  But I'm 
>>> told I can't do that?
>>>
>>> What solutions are people using?
>>>
>>> Scott
>>>
>>> --
>>> Leave no stone unturned.
>>> Euripides
>>
>>
>
>
>
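
A check of the kind mentioned at the top of this thread, written here as an added example; it is not the poster's script and not code from the Solr project. It assumes each core keeps its config at `<solr_home>/<core>/conf/solrconfig.xml`; the function names and the sample cores are hypothetical, and a missing `handleSelect` attribute is reported as a finding rather than assumed safe.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

def check_handle_select(solr_home):
    """Return {core_name: status} for every <core>/conf/solrconfig.xml under solr_home.

    status is "ok" only when <requestDispatcher handleSelect="false"> is set
    explicitly; a missing element or attribute is reported, not assumed safe.
    """
    results = {}
    for cfg in sorted(Path(solr_home).glob("*/conf/solrconfig.xml")):
        core = cfg.parent.parent.name
        try:
            root = ET.parse(cfg).getroot()
        except ET.ParseError as exc:
            results[core] = f"unparseable: {exc}"
            continue
        dispatcher = root.find("requestDispatcher")
        if dispatcher is None:
            results[core] = "no requestDispatcher element"
            continue
        value = dispatcher.get("handleSelect")
        if value is None:
            results[core] = "handleSelect not set"
        elif value.strip().lower() == "false":
            results[core] = "ok"
        else:
            results[core] = f"handleSelect={value!r}"
    return results

def build_sample_home(base):
    """Constructed sample layout: three cores with different settings."""
    samples = {
        "core_ok": '<config><requestDispatcher handleSelect="false"/></config>',
        "core_bad": '<config><requestDispatcher handleSelect="true"/></config>',
        "core_missing": "<config><requestDispatcher/></config>",
    }
    for name, xml in samples.items():
        conf = Path(base) / name / "conf"
        conf.mkdir(parents=True)
        (conf / "solrconfig.xml").write_text(xml)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for core, status in check_handle_select(build_sample_home(tmp)).items():
            print(f"{core}: {status}")
```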
