The default blacklist is qt and stream, because there are examples of nasty
things which can be done using those parms. But it seems much wiser to
whitelist just the parms your web app needs to use. Am I missing something? Is
there a simpler way to protect a Solr installation which just serves a
Hi all
I have just been looking at solr-security-proxy, which seems to be a great
little app to put in front of Solr (link below). But would it make more sense
to use a whitelist of Solr parameters instead of a blacklist?
Thanks
Rick
https://github.com/dergachev/solr-security-proxy
solr-securit