That's what I was going to do originally; however, what is stopping a user from
simply running a search through http://localhost:8983/solr/admin/ of the
index server?


Norberto Meijome-6 wrote:
> 
> On Wed, 24 Jun 2009 23:20:26 -0700 (PDT)
> pof <melbournebeerba...@gmail.com> wrote:
> 
>> 
>> Hi, I am wanting to add document-level security that works as following: An
>> external process makes a query to the index, depending on their security
>> allowances based off a login id a list of hits are returned minus any the
>> user are meant to know even exist. I was thinking maybe a custom filter with
>> a JDBC connection to check security of the user vs. the document. I'm not
>> sure how I would add the filter or how to write the filter or how to get the
>> login id from a GET parameter. Any suggestions, comments etc.?
> 
> Hi Brett,
> (keeping in mind that I've been away from SOLR for 8 months, but I
> don't think this was added of late)
> 
> Standard approach is to manage security @ your
> application layer, not @ SOLR, i.e., search, return documents (which should
> contain some kind of data to identify their ACL) and then you can decide
> whether to show it or not.
> 
> HIH
> _________________________
> {Beto|Norberto|Numard} Meijome
> 
> "They never open their mouths without subtracting from the sum of human
> knowledge." Thomas Brackett Reed
> 
> I speak for myself, not my employer. Contents may be hot. Slippery when wet.
> Reading disclaimers makes you go blind. Writing them is worse. You have been
> Warned.
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Solr-document-security-tp24197620p24212752.html
Sent from the Solr - User mailing list archive at Nabble.com.
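
The application-layer filtering suggested in the quoted reply, as an added example that is not part of the original thread. It assumes each document carries a hypothetical `acl` field listing the groups allowed to see it, that the caller's groups come from the application's own authenticated session, and that the Solr port (including `/solr/admin/`) is reachable only by the application, not by end users.

```python
import json

# Constructed sample of a Solr JSON response (wt=json). The "acl" field is a
# hypothetical multi-valued field holding the groups allowed to see each document.
SAMPLE_RESPONSE = json.dumps({
    "responseHeader": {"status": 0, "QTime": 3},
    "response": {"numFound": 4, "start": 0, "docs": [
        {"id": "doc1", "title": "Public roadmap", "acl": ["staff", "contractors"]},
        {"id": "doc2", "title": "Payroll 2009", "acl": ["hr"]},
        {"id": "doc3", "title": "Untagged draft"},             # no ACL data at all
        {"id": "doc4", "title": "Team notes", "acl": "staff"},  # single-valued form
    ]},
})

ACL_FIELD = "acl"  # assumption: name of the ACL field in the schema


def allowed_groups(doc):
    """Return the document's ACL as a set; a missing field means nobody."""
    value = doc.get(ACL_FIELD)
    if value is None:
        return set()
    if isinstance(value, str):
        return {value}
    return set(value)


def filter_hits(solr_json, user_groups):
    """Drop hits the user may not see and hide that they ever matched.

    user_groups must come from the application's authenticated session,
    never from a request parameter the client controls.
    """
    docs = json.loads(solr_json)["response"]["docs"]
    user_groups = set(user_groups)
    visible = []
    for doc in docs:
        if allowed_groups(doc) & user_groups:
            # Strip the ACL itself so group names are not disclosed either.
            visible.append({k: v for k, v in doc.items() if k != ACL_FIELD})
    # Report only the visible count: Solr's numFound would reveal hidden hits.
    return {"numFound": len(visible), "docs": visible}


if __name__ == "__main__":
    print(filter_hits(SAMPLE_RESPONSE, ["staff"]))
```

Filtering after the search changes the size of each result page, so an application that paginates has to fetch further rows from Solr to refill a page.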
