I figured out you can disable the core admin in solr.xml, but then it breaks the admin as apparently it relies on that.

I tried tomcat security but haven't been able to make it work.

I think at this point I may just write a query/debugging app that the developers could use.

On 11/13/2012 07:12 AM, Erick Erickson wrote:
Slap them firmly on the wrist if they do?

The Solr admin is really designed with trusted users in mind. There are no
provisions that I know of for securing some of the functions.

Your developers have access to the Solr server through the browser, right?
They can do all of that via URL, see: http://wiki.apache.org/solr/CoreAdmin,
they don't need to use the admin server at all.

So unless you're willing to put a lot of effort into it, I don't think you
really can lock it down. If you really don't trust them to not do bad
things, set up a dev environment and lock them out of your production
servers totally?

Best
Erick


On Mon, Nov 12, 2012 at 12:41 PM, Michael Long <ml...@bizjournals.com> wrote:

I really like the new admin in solr 4.0, but specifically I don't want
developers to be able to unload, rename, swap, reload, optimize, or add
core.

Any ideas on how I could still give access to the rest of the admin
without giving access to these? It is very helpful for them to have access
to the Query, Analysis, etc.
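
As an added illustration (not code from anyone in this thread or from the Solr project), this is one way a proxy placed in front of Solr could refuse the CoreAdmin actions and optimize calls listed in the question while still forwarding the STATUS call and query/analysis requests. The `/solr` context path, the default `/admin/cores` adminPath and the function name `check_request` are assumptions.

```python
import posixpath
from urllib.parse import parse_qs, unquote, urlsplit

# Assumptions: Solr is deployed at /solr and solr.xml keeps the default
# adminPath, so CoreAdmin answers at /solr/admin/cores.
COREADMIN_PATH = "/solr/admin/cores"
# STATUS is read-only; every other CoreAdmin action is refused.
ALLOWED_CORE_ACTIONS = {"STATUS"}


def check_request(url, body=""):
    """Return (allowed, reason) for a request the proxy is about to forward."""
    parts = urlsplit(url)
    # Decode and normalise so /solr/admin/%63ores or /solr//admin/cores/ match.
    path = posixpath.normpath(unquote(parts.path))
    query = parse_qs(parts.query, keep_blank_values=True)

    if path == COREADMIN_PATH:
        # Solr also reads form-encoded POST bodies, so look there as well.
        form = parse_qs(body, keep_blank_values=True)
        # CoreAdmin treats a request without an action as STATUS.
        actions = (query.get("action", []) + form.get("action", [])) or ["STATUS"]
        denied = sorted({a.strip().upper() for a in actions} - ALLOWED_CORE_ACTIONS)
        if denied:
            return False, "CoreAdmin action denied: " + ",".join(denied)
        return True, "CoreAdmin STATUS"

    if "update" in path.split("/"):
        # Optimize arrives as ?optimize=... or as a command in the body.
        # The body match is deliberately coarse and may over-block.
        lowered = body.lower()
        if "optimize" in query or "<optimize" in lowered or '"optimize"' in lowered:
            return False, "optimize denied"
    return True, "not a restricted operation"


if __name__ == "__main__":
    # Constructed sample requests, not taken from the thread.
    for sample in ("/solr/admin/cores?wt=json",
                   "/solr/admin/cores?action=unload&core=core0",
                   "/solr/core0/select?q=*:*",
                   "/solr/core0/update?optimize=true"):
        print(sample, check_request(sample))
```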

