How do I unsubscribe? -----Original Message----- From: Shawn Heisey [mailto:s...@elyograg.org] Sent: Tuesday, October 22, 2013 12:01 PM To: solr-user@lucene.apache.org Subject: Re: securing Solr Admin
On 10/22/2013 11:52 AM, Raymond Wiker wrote: > I have numerous search applications that only involve SOLR, jQuery, > Apache... and two additional server processes, one of which does query > validation, adds filtering and does an XSL transform of the search > results, while the other does a number of application-specific support > tasks. No SOLR API, except for HTTP. The most recent search interface > I did uses "solrstrap" to do most of the UI work. In summary: No > problem making a search interface that runs as a single web page. You're right that it's *possible* to make a javascript-based search page. If you do so by requiring the user's browser to contact Solr directly, it is not *safe* to do so. From what you've said, you don't allow direct access to Solr. By putting Solr behind an intelligent proxy that can restrict what gets through, you've made it safe. Thanks, Shawn
