On Jul 11, 2008, at 11:08 AM, Noble Paul നോബിള് नोब्ळ् wrote:
It is not a recommended practice to expose Solr to the end-users because it is so easy to bring down the server if the user knows that it is a Solr server. We must devise a good mechanism to filter the kind of commands that can be served.
If all the request handlers were turned off but a /select constrained to dismax, what vulnerabilities exist?
Erik