[jira] Commented: (SOLR-527) An XML commit only request handler
[ https://issues.apache.org/jira/browse/SOLR-527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12585243#action_12585243 ] Mike Klaas commented on SOLR-527: - Is this a generally-useful feature? I'm not sure how often this use case would occur. > An XML commit only request handler > -- > > Key: SOLR-527 > URL: https://issues.apache.org/jira/browse/SOLR-527 > Project: Solr > Issue Type: New Feature > Components: update >Affects Versions: 1.3 >Reporter: Sean Timm >Priority: Trivial > Attachments: ReadOnlyUpdateProcessorFactory.java, > ReadOnlyUpdateProcessorFactory.java, SOLR-527.patch > > > This request handler only permits messages. It is provided as one > way to prevent adds and deletes on a Solr slave machine that could > potentially be accessed by outside parties where a firewall or other access > control is either not possible or not desired. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (SOLR-527) An XML commit only request handler
[ https://issues.apache.org/jira/browse/SOLR-527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12585245#action_12585245 ] Yonik Seeley commented on SOLR-527: --- > Is this a generally-useful feature? I'm not sure how often this use case > would occur. I agree it's not. I think Ryan's solution is the most elegant, and that it should remain a custom extension (i.e. not committed). > An XML commit only request handler > -- > > Key: SOLR-527 > URL: https://issues.apache.org/jira/browse/SOLR-527 > Project: Solr > Issue Type: New Feature > Components: update >Affects Versions: 1.3 >Reporter: Sean Timm >Priority: Trivial > Attachments: ReadOnlyUpdateProcessorFactory.java, > ReadOnlyUpdateProcessorFactory.java, SOLR-527.patch > > > This request handler only permits messages. It is provided as one > way to prevent adds and deletes on a Solr slave machine that could > potentially be accessed by outside parties where a firewall or other access > control is either not possible or not desired. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (SOLR-527) An XML commit only request handler
[ https://issues.apache.org/jira/browse/SOLR-527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12585253#action_12585253 ] Hoss Man commented on SOLR-527: --- For the record: allowing arbitrary outside parties the ability to issue commits on a slave is almost as dangerous as allowing adds/deletes. while the data itself can't be poisoned using a commit, you could DOS the slave with trashing as it warms searchers over and over again. if the goal is a read only slave that can still be triggered to load new snapshots, perhaps an alternate method on shapshot loading (that isn't net accessible) is in order ... ie: A variation on autocommit that polls the index dir periodically to see if it has changed. > An XML commit only request handler > -- > > Key: SOLR-527 > URL: https://issues.apache.org/jira/browse/SOLR-527 > Project: Solr > Issue Type: New Feature > Components: update >Affects Versions: 1.3 >Reporter: Sean Timm >Priority: Trivial > Attachments: ReadOnlyUpdateProcessorFactory.java, > ReadOnlyUpdateProcessorFactory.java, SOLR-527.patch > > > This request handler only permits messages. It is provided as one > way to prevent adds and deletes on a Solr slave machine that could > potentially be accessed by outside parties where a firewall or other access > control is either not possible or not desired. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (SOLR-527) An XML commit only request handler
[ https://issues.apache.org/jira/browse/SOLR-527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12585256#action_12585256 ] Ryan McKinley commented on SOLR-527: I agree neither should approach should be committed. But I sympathize with the general request to make slave machines read-only. I think the problem Sean is trying to solve is to have confidence that his slave machines won't accidentally update or something like that. Other approaches are to make the file system read-only for the slave machine (but not for running rsync) Perhaps with SOLR-465, their could be a read only Directory instance... > An XML commit only request handler > -- > > Key: SOLR-527 > URL: https://issues.apache.org/jira/browse/SOLR-527 > Project: Solr > Issue Type: New Feature > Components: update >Affects Versions: 1.3 >Reporter: Sean Timm >Priority: Trivial > Attachments: ReadOnlyUpdateProcessorFactory.java, > ReadOnlyUpdateProcessorFactory.java, SOLR-527.patch > > > This request handler only permits messages. It is provided as one > way to prevent adds and deletes on a Solr slave machine that could > potentially be accessed by outside parties where a firewall or other access > control is either not possible or not desired. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (SOLR-527) An XML commit only request handler
[ https://issues.apache.org/jira/browse/SOLR-527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12585573#action_12585573 ] Sean Timm commented on SOLR-527: Thanks all for taking a look at this. The ReadOnlyUpdateProcessorFactory.java is great, Ryan. I didn't realize that update processor factories could be chained. That is cleaner than my solution. Hoss, I realize that DOS attacks are still possible, however, my bigger concern is someone modifying our index (e.g., injecting a Viagra advert or the like into our index). > An XML commit only request handler > -- > > Key: SOLR-527 > URL: https://issues.apache.org/jira/browse/SOLR-527 > Project: Solr > Issue Type: New Feature > Components: update >Affects Versions: 1.3 >Reporter: Sean Timm >Priority: Trivial > Attachments: ReadOnlyUpdateProcessorFactory.java, > ReadOnlyUpdateProcessorFactory.java, SOLR-527.patch > > > This request handler only permits messages. It is provided as one > way to prevent adds and deletes on a Solr slave machine that could > potentially be accessed by outside parties where a firewall or other access > control is either not possible or not desired. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (SOLR-527) An XML commit only request handler
[ https://issues.apache.org/jira/browse/SOLR-527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12585702#action_12585702 ] patrick o'leary commented on SOLR-527: -- I guess there's a couple of questions I'd have around this. # Should there be a default update mechanism if none are specified in the solrconfig.xml? #* I can rip out the request handlers for /update, it's still available through SolrUpdateServlet, as SolrCore loads ChainUpdateProcessFactory by default, and that loads RunUpdateProcessorFactory by default. That's not what I'd expect. # Should the UpdateCmd maintain some form of context of origin of an update, even like a string? #* If embeded could be used to store anything from a file name to a db name, if http the peer ip could be stored through the UpdateServlet or RequestDispatcher. #* Would allow custom update chains some ability to make a decision based the origin of a document. Overall I'd like to have the ability to determine if I should in fact allow an add / update / commit to go through, for both web based and non-web containers. But I definitely want to have the ability to switch it off. > An XML commit only request handler > -- > > Key: SOLR-527 > URL: https://issues.apache.org/jira/browse/SOLR-527 > Project: Solr > Issue Type: New Feature > Components: update >Affects Versions: 1.3 >Reporter: Sean Timm >Priority: Trivial > Attachments: ReadOnlyUpdateProcessorFactory.java, > ReadOnlyUpdateProcessorFactory.java, SOLR-527.patch > > > This request handler only permits messages. It is provided as one > way to prevent adds and deletes on a Solr slave machine that could > potentially be accessed by outside parties where a firewall or other access > control is either not possible or not desired. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (SOLR-527) An XML commit only request handler
[
https://issues.apache.org/jira/browse/SOLR-527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12585774#action_12585774
]
Hoss Man commented on SOLR-527:
---
bq. Should there be a default update mechanism if none are specified in the
solrconfig.xml?
For backwards compatibility yes, but the simple way to prevent all updates is
by mapping something else to /update -- a NoOpRequestHandler would be useful
here to prevent all updates (don't we already have one of those?)
{quote}
* If embeded could be used to store anything from a file name to a db name,
if http the peer ip could be stored through the UpdateServlet or
RequestDispatcher.
* Would allow custom update chains some ability to make a decision based
the origin of a document.
{quote}
UpdateProcessors shouldn't know/care about where the command originated from --
that's mainly the point, it's an agnostic way to hook into *all* index
modification commands regardless of origin. Logic about accepting/rejecting
commands based on where they came from needs to know know about the channel of
communication, so that logic should live as close to the source of that channel
as possible.
bq. Overall I'd like to have the ability to determine if I should in fact allow
an add / update / commit to go through, for both web based and non-web
containers. But I definitely want to have the ability to switch it off.
we generally try to keep Solr out of the business of authorization/security ...
if you are embedding Solr, make the wrapper code decide what/when to allow
commands through; if you are using Solr as a webapp, configure your servlet
container with whatever path based security you want.
> An XML commit only request handler
> --
>
> Key: SOLR-527
> URL: https://issues.apache.org/jira/browse/SOLR-527
> Project: Solr
> Issue Type: New Feature
> Components: update
>Affects Versions: 1.3
>Reporter: Sean Timm
>Priority: Trivial
> Attachments: ReadOnlyUpdateProcessorFactory.java,
> ReadOnlyUpdateProcessorFactory.java, SOLR-527.patch
>
>
> This request handler only permits messages. It is provided as one
> way to prevent adds and deletes on a Solr slave machine that could
> potentially be accessed by outside parties where a firewall or other access
> control is either not possible or not desired.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SOLR-527) An XML commit only request handler
[ https://issues.apache.org/jira/browse/SOLR-527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12591678#action_12591678 ] Sean Timm commented on SOLR-527: I serendipitously discovered what is probably the cleanest way to only allow commits on the slave. If the index is owned by user A with permissions "-rw-r--r--" yet the slave solr process is run as user B, only read operations are allowed. This is obvious in retrospect. I just didn't think of it. > An XML commit only request handler > -- > > Key: SOLR-527 > URL: https://issues.apache.org/jira/browse/SOLR-527 > Project: Solr > Issue Type: New Feature > Components: update >Affects Versions: 1.3 >Reporter: Sean Timm >Priority: Trivial > Attachments: ReadOnlyUpdateProcessorFactory.java, > ReadOnlyUpdateProcessorFactory.java, SOLR-527.patch > > > This request handler only permits messages. It is provided as one > way to prevent adds and deletes on a Solr slave machine that could > potentially be accessed by outside parties where a firewall or other access > control is either not possible or not desired. -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.
[jira] Commented: (SOLR-527) An XML commit only request handler
[
https://issues.apache.org/jira/browse/SOLR-527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12609156#action_12609156
]
Noble Paul commented on SOLR-527:
-
Can we add an attribute to the current UpdateHandler
{code:title=solrconfig.xml}
true
{code}
> An XML commit only request handler
> --
>
> Key: SOLR-527
> URL: https://issues.apache.org/jira/browse/SOLR-527
> Project: Solr
> Issue Type: New Feature
> Components: update
>Affects Versions: 1.3
>Reporter: Sean Timm
>Priority: Trivial
> Attachments: ReadOnlyUpdateProcessorFactory.java,
> ReadOnlyUpdateProcessorFactory.java, SOLR-527.patch
>
>
> This request handler only permits messages. It is provided as one
> way to prevent adds and deletes on a Solr slave machine that could
> potentially be accessed by outside parties where a firewall or other access
> control is either not possible or not desired.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
