Give me access to your raw Solr URLs, and I can submit the following: .../update?commit=ture&term.body=<delete><query>*:*<.query></delete> which will remove all documents from your index. You really have to take control of the requests you allow to get to Solr...
Best Erick On Fri, Apr 26, 2013 at 9:59 AM, Alexandre Rafalovitch <arafa...@gmail.com> wrote: > So, building on this: > 1) Velocity is an option for internal admin interface because it is > collocated with Solr and therefore does not 'hide' it > 2) Blacklight is the (Rails-based) application layer and the Solr is > internal behind it, so it does provide the security. > > Hope this helps to understand the distinction. > > Regards, > Alex. > Personal blog: http://blog.outerthoughts.com/ > LinkedIn: http://www.linkedin.com/in/alexandrerafalovitch > - Time is the quality of nature that keeps events from happening all > at once. Lately, it doesn't seem to be working. (Anonymous - via GTD > book) > > > On Fri, Apr 26, 2013 at 12:57 PM, Jack Krupansky > <j...@basetechnology.com> wrote: >> Generally, your UI web pages should communicate with your own application >> layer, which in turn communicates with Solr, but you should try to avoid >> having Solr itself visible to the outside world. >> >> -- Jack Krupansky >> >> -----Original Message----- From: kneerosh >> Sent: Friday, April 26, 2013 12:46 PM >> To: solr-user@lucene.apache.org >> Subject: Customizing Solr GUI >> >> >> Hi, >> >> I want to customize Solr gui, and I learnt that the most popular options >> are >> 1. Velocity- which is integrated with Solr. The format and options can be >> customized >> 2. Project Blacklight >> >> Pros and cons? >> >> Secondly I read that one can delete data by just running a delete query in >> the URL. Does either velocity or blacklight provide a way to disable this, >> or provide any kind of security or access control- so that users can only >> browse/search and admins can view the admin screen. How can we handle the >> security aspect in Solr? >> >> >> >> -- >> View this message in context: >> http://lucene.472066.n3.nabble.com/Customizing-Solr-GUI-tp4059257.html >> Sent from the Solr - User mailing list archive at Nabble.com.
