13 dec 2008 kl. 06.05 skrev Aaron Schon:
Hi , if I have a Lucene index (or Solr) that is installed in client
premises. how would you go about securing the index from being
queries in unauthorized fashion. For example, from malicious users
or hackers, or for that matter "internal" users trying to reengineer
the system and use it for purposes other than the way licensed.
any suggestions?
You need to tell us a bit more about your application: what it does,
what the index contains, what parts you don't want users to access, et
c.
Could you distribute an index that only contains the data the users
are allowed to see? If not, why?
My guess is that it will be hard. Anyone could reconstruct the
documents from the index files. If you came up with some encryption of
the index then you would have to distribute the key in the source code
and that could be extracted using a decompiler, even if you
obusticated the code. An obfusticated index could also be broken using
decompiler. And if you allow users to place queries and see the
results then it's probably possible to reconstruct the raw data that
way.
karl
---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscr...@lucene.apache.org
For additional commands, e-mail: java-user-h...@lucene.apache.org
