The question is what all do you wish to protect. There are 'read' as well as 'write' attributes .
The reads are the ones which will not cause any harm other than consuming some cpu cycles. The writes are the ones which can change the state of the system. The slave uses the 'read' API's which i feel may not need to be protected The other API's methods can have security . say dnappull, diableSnapPoll etc On Wed, May 27, 2009 at 7:47 PM, Matthew Gregg <matthew.gr...@gmail.com> wrote: > On Wed, 2009-05-27 at 19:06 +0530, Noble Paul നോബിള് नोब्ळ् wrote: >> On Wed, May 27, 2009 at 6:48 PM, Matthew Gregg <matthew.gr...@gmail.com> >> wrote: >> > Does replication in 1.4 support passing credentials/basic auth? If not >> > what is the best option to protect replication? >> do you mean protecting the url /replication ? > Yes I would like to put /replication behind basic auth, which I can do, > but replication fails. I naively tried the obvious > http://user:p...@host/replication, but that fails. > >> >> ideally Solr is expected to run in an unprotected environment. if you >> wish to introduce some security it has to be built by you. >> > >> > > I guess you meant Solr is expected to run in a "protected" environment? > It's pretty easy to put up a basic auth in front of Solr, but the > replication infra. in 1.4 doesn't seem to support it. Or does it, and I > just don't know how? > > -- > Matthew Gregg <matthew.gr...@gmail.com> > > -- ----------------------------------------------------- Noble Paul | Principal Engineer| AOL | http://aol.com
