Solr does not do security itself. Servlet containers usually support various security options: account/password through HTTP authentication (very weak security) and certificates (very strong security) are what I would look at first.
Lance -----Original Message----- From: Wagner,Harry [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 24, 2007 9:25 AM To: solr-user@lucene.apache.org Subject: RE: Solr and security One effective method is to block access to the port Solr runs on. Force application access to come thru the HTTP server, and let it map to the application server (i.e., like mod_jk does for for Apache & Tomcat). Simple, but effective. Cheers! harry -----Original Message----- From: Cool Coder [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 24, 2007 12:17 PM To: solr-user@lucene.apache.org Subject: Solr and security Hi Group, As far as I know, to use solr, we need to deploy it as a server and communicate to solr using http protocol. How about its security? i.e. how can we ensure that it only accepts request from predefined set of users only. Is there any way we can specify this in solr or solr depends only on web server security model. I am not sure whether my interpretation is right? Your suggestion/input? - BR __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
