Well, one of the values of having people come at this from all different angles is that the documentation can be customized as each person sees it from a unique angle.
The Wiki pages are freely editable; it'd be great if you were to go ahead and add your perspective.

Best
Erick

On Thu, Nov 3, 2011 at 4:38 PM, Robert Petersen <rober...@buy.com> wrote:
> Me too!
>
> -----Original Message-----
> From: Walter Underwood [mailto:wun...@wunderwood.org]
> Sent: Tuesday, November 01, 2011 1:02 PM
> To: solr-user@lucene.apache.org
> Subject: Re: Questions about Solr's security
>
> I once had to deal with a severe performance problem caused by a bot
> that was requesting results starting at 5000. We disallowed requests
> over a certain number of pages in the front end to fix it.
>
> wunder
>
> On Nov 1, 2011, at 12:57 PM, Erik Hatcher wrote:
>
>> Be aware that even /select could have some harmful effects, see
>> https://issues.apache.org/jira/browse/SOLR-2854 (addressed on trunk).
>>
>> Even disregarding that issue, /select is a potential gateway to any
>> request handler defined via /select?qt=/req_handler
>>
>> Again, in general it's not a good idea to expose Solr to anything but
>> a controlled app server.
>>
>> Erik
>>
>> On Nov 1, 2011, at 15:51 , Alireza Salimi wrote:
>>
>>> What if we just expose '/select' paths - by firewalls and load balancers -
>>> and
>>> also use SSL and HTTP basic or digest access control?
>>>
>>> On Tue, Nov 1, 2011 at 2:20 PM, Chris Hostetter <hossman_luc...@fucit.org> wrote:
>>>
>>>>
>>>> : I was wondering if it's a good idea to expose Solr to the outside world,
>>>> : so that our clients running on smart phones will be able to use Solr.
>>>>
>>>> As a general rule of thumb, i would say that it is not a good idea to
>>>> expose solr directly to the public internet.
>>>>
>>>> there are exceptions to this rule -- AOL hosted some live solr instances
>>>> of the Sarah Palin emails for HufPo -- but it is definitely an expert
>>>> level type thing for people who are so familiar with solr they know
>>>> exactly what to lock down to make it "safe"
>>>>
>>>> for typical users: put an application between your untrusted users and
>>>> solr and only let that application generate "safe" well-formed requests to
>>>> Solr...
>>>>
>>>> https://wiki.apache.org/solr/SolrSecurity
>>>>
>>>>
>>>> -Hoss
>>>>
>>>
>>>
>>>
>>> --
>>> Alireza Salimi
>>> Java EE Developer
>>
>
> --
> Walter Underwood
> Venture Asst. Scoutmaster
> Troop 14, Palo Alto, CA
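An added example, not part of the thread and not code from any poster or from Solr: one way the front-end application recommended above could build its Solr request from untrusted input, refusing the `qt` handler switch and capping deep paging. The internal Solr address, the allowed parameter set and both limits are assumptions chosen for illustration.

```python
from urllib.parse import parse_qsl, urlencode

# Everything below is assumed for illustration: address, allowlist, limits.
SOLR_SELECT = "http://127.0.0.1:8983/solr/select"  # reachable only by the app
ALLOWED_PARAMS = {"q", "start", "rows"}            # note: "qt" is not listed
MAX_START = 1000                                   # cap on paging depth
MAX_ROWS = 50                                      # cap on page size


class RejectedRequest(ValueError):
    """Raised when the client's query string must not be forwarded."""


def bounded_int(value, name, upper):
    """Parse value as an integer in 0..upper or reject the request."""
    try:
        number = int(value)
    except ValueError:
        raise RejectedRequest(f"{name} is not an integer")
    if not 0 <= number <= upper:
        raise RejectedRequest(f"{name} outside 0..{upper}")
    return number


def build_solr_url(untrusted_query_string):
    """Return the only URL the app will send to Solr for this client input."""
    params = {}
    for key, value in parse_qsl(untrusted_query_string, keep_blank_values=True):
        # Allowlist, not denylist: qt and any other handler or parser
        # switch is refused because it is simply not on the list.
        if key not in ALLOWED_PARAMS:
            raise RejectedRequest(f"parameter not allowed: {key}")
        if key in params:
            raise RejectedRequest(f"duplicate parameter: {key}")
        params[key] = value
    if not params.get("q", "").strip():
        raise RejectedRequest("missing q")
    # Which query syntax to accept inside q is an application decision
    # and is not shown here; q is only ever forwarded as an encoded value.
    params["start"] = bounded_int(params.get("start", "0"), "start", MAX_START)
    params["rows"] = bounded_int(params.get("rows", "10"), "rows", MAX_ROWS)
    return SOLR_SELECT + "?" + urlencode(params)
```
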