That is disappointing then. Restricting by IP may be doable, but much more work than basic auth.
On Wed, 2009-05-27 at 20:41 +0530, Noble Paul നോബിള് नोब्ळ् wrote: > replication has no builtin security > > > > On Wed, May 27, 2009 at 8:37 PM, Matthew Gregg <matthew.gr...@gmail.com> > wrote: > > I would like the to protect both reads and writes. Reads could have a > > significant impact. I guess the answer is no, replication has no built > > in security? > > > > On Wed, 2009-05-27 at 20:11 +0530, Noble Paul നോബിള് नोब्ळ् wrote: > >> The question is what all do you wish to protect. > >> There are 'read' as well as 'write' attributes . > >> > >> The reads are the ones which will not cause any harm other than > >> consuming some cpu cycles. > >> > >> The writes are the ones which can change the state of the system. > >> > >> The slave uses the 'read' API's which i feel may not need to be protected > >> > >> The other API's methods can have security . say dnappull, diableSnapPoll > >> etc > >> > >> > >> > >> On Wed, May 27, 2009 at 7:47 PM, Matthew Gregg <matthew.gr...@gmail.com> > >> wrote: > >> > On Wed, 2009-05-27 at 19:06 +0530, Noble Paul നോബിള് नोब्ळ् wrote: > >> >> On Wed, May 27, 2009 at 6:48 PM, Matthew Gregg > >> >> <matthew.gr...@gmail.com> wrote: > >> >> > Does replication in 1.4 support passing credentials/basic auth? If > >> >> > not > >> >> > what is the best option to protect replication? > >> >> do you mean protecting the url /replication ? > >> > Yes I would like to put /replication behind basic auth, which I can do, > >> > but replication fails. I naively tried the obvious > >> > http://user:p...@host/replication, but that fails. > >> > > >> >> > >> >> ideally Solr is expected to run in an unprotected environment. if you > >> >> wish to introduce some security it has to be built by you. > >> >> > > >> >> > > >> > I guess you meant Solr is expected to run in a "protected" environment? > >> > It's pretty easy to put up a basic auth in front of Solr, but the > >> > replication infra. in 1.4 doesn't seem to support it. Or does it, and I > >> > just don't know how? > >> > > >> > -- > >> > Matthew Gregg <matthew.gr...@gmail.com> > >> > > >> > > >> > >> > >> > > -- > > Matthew Gregg <matthew.gr...@gmail.com> > > > > > > > -- Matthew Gregg <matthew.gr...@gmail.com>
