Limiting the maximum number of rows doesn't work, because
they can request rows 2-20100. --wunder
On 11/16/08 3:27 PM, "Ryan McKinley" <[EMAIL PROTECTED]> wrote:
>>
>> I'd be parsing out wildcards, boosts, and fuzzy searches (or at
>> least thinking about the effects).
>> I mean "jakarta apa
I'd be parsing out wildcards, boosts, and fuzzy searches (or at
least thinking about the effects).
I mean "jakarta apache"~1000 or roam~0.1 aren't as efficient as a
regular query.
Even if you leave the solr instance public, you can still limit
grossly inefficent params by forcing things
my assumption with solrjs is that you are hitting "read-only" solr
servers that you don't mind if people query directly. It would not be
appropriate for something where you don't want people (who really
care) to know you are running solr and could execute arbitrary queries.
Since it is an
Agreed, it is pretty easy to create a large variety of denial
of service attacks with sorts, wildcards, requesting a large
number of results, or a page deep in the results.
We have protected against several different DoS problems
in our front-end code.
wunder
On 11/16/08 3:12 PM, "Ian Holsman" <
Erik Hatcher wrote:
On Nov 16, 2008, at 5:41 PM, Ian Holsman wrote:
First thing I would look at is disabling write access, or writing a
servlet that sits on top of the write handler to filter your data.
We can turn off all the update handlers, but how does that affect
replication? Can a Sol
What about SolrJS? Isn't it designed to hit a Solr directly? (Sure,
as long as the response looked like Solr response, it could have come
through some magic 'security' tier).
Erik
On Nov 16, 2008, at 5:54 PM, Ryan McKinley wrote:
I'm not totally sure what you are suggesting. Is t
Plus, it's just too big a can of worms for solr to handle. You could
protect up to a small point, but a real ddos attack is not going to be
defended against by solr. At best we could put in 'kiddie' protection
against.
- Mark
On Nov 16, 2008, at 5:51 PM, Erik Hatcher <[EMAIL PROTECTED]>
I'm not totally sure what you are suggesting. Is there a general way
people deal with security and search?
I'm assuming we already have good ways (better ways) to make sure
people are authorized/logged in etc. What do you imagine "solr
security" would add?
FYI, I used to have a custom R
On Nov 16, 2008, at 5:41 PM, Ian Holsman wrote:
First thing I would look at is disabling write access, or writing a
servlet that sits on top of the write handler to filter your data.
We can turn off all the update handlers, but how does that affect
replication? Can a Solr replicant be enti
Erik Hatcher wrote:
I'm pondering the viability of running Solr as effectively a UI
server... what I mean by that is having a public facing browser-based
application hitting a Solr backend directly for JSON, XML, etc data.
I know folks are doing this (I won't name names, in case this thread
c
I'm pondering the viability of running Solr as effectively a UI
server... what I mean by that is having a public facing browser-based
application hitting a Solr backend directly for JSON, XML, etc data.
I know folks are doing this (I won't name names, in case this thread
comes up with any v
Erik Hatcher schrieb:
Joan - I'll have a look at this in the near future. SolrJS was using a
custom version of a VelocityResponseWriter patch, but since then I have
committed a version of that code to the contrib/velocity area of Solr.
contrib/velocity probably does not work with SolrJS curre
Joan - I'll have a look at this in the near future. SolrJS was using
a custom version of a VelocityResponseWriter patch, but since then I
have committed a version of that code to the contrib/velocity area of
Solr. contrib/velocity probably does not work with SolrJS currently,
but we'll ge
I downloaded solr/trunk and build it,
everything seems to work except that the VelocityResponseWriter is not in
the war file
and tomcat , gives an error of configuration when using the conf.xml of the
solrjs.
Any suggestion on how to build the solr to work with solrjs??
Thanks
Joan Codina
--
V
I have trouble balancing between popularity and search relevance.
The trouble is combining boost factors and a mm(minimum match) of less than
100%.
The mm leads the search to return also less relevant items.
Two conflicting main scenarios exist:
- generic category search (say something like tft)
I meant patch as in a source code patch, so I'm afraid your kind of in a
tough spot. Thats part of the 'trunk running' risk unfortunately...
You've done it once though, so I am sure you can manage again right ?
I'm not sure exactly what state your checkout is (though I suppose I can
guess clos
Not easily no...It has occurred twice on my machine but what triggers it I
do not know. Mark Miller has provided some explanations for what may be
going on in Lucene that may be causing thisCf. his last email
- Bill
--
From: "Noble Paul
17 matches
Mail list logo