ther at the document level or the communication level. It is strongly
> > > recommended that the application server containing Solr be firewalled
> > such
> > > the only clients with access to Solr are your own.'
> > >
> > > Is the above statement true even if we
the application server containing Solr be firewalled
> such
> > the only clients with access to Solr are your own.'
> >
> > Is the above statement true even if we just display the read-only
> endpoints
> > to the public users? Can someone please advise?
> >
rg/solr/SolrSecurity
>
>
>
> --
> View this message in context:
> http://lucene.472066.n3.nabble.com/SOLR-Security-Displaying-endpoints-to-public-tp4109792.html
> Sent from the Solr - User mailing list archive at Nabble.com.
>
On 06 Jan 2014, at 19:37 , Shawn Heisey wrote:
> On 1/6/2014 11:18 AM, Shawn Heisey wrote:
>> Even if you disable admin handlers so that it's impossible to gather full
>> information about your schema and other settings, generating legitimate
>> queries is probably enough for an attacker to ge
On 1/6/2014 11:18 AM, Shawn Heisey wrote:
Even if you disable admin handlers so that it's impossible to gather
full information about your schema and other settings, generating
legitimate queries is probably enough for an attacker to get the
information they need.
Self-replying on this point:
On 1/6/2014 10:55 AM, Developer wrote:
We are currently showing the SOLR endpoints to the public when using our
application (public users would be able to view the SOLR endpoints (/select)
and the query in debugging console).
I am trying to figure out if there is any security threat in terms of
ext:
http://lucene.472066.n3.nabble.com/SOLR-Security-Displaying-endpoints-to-public-tp4109792.html
Sent from the Solr - User mailing list archive at Nabble.com.