I'm pondering the viability of running Solr as effectively a UI
server... what I mean by that is having a public facing browser-based
application hitting a Solr backend directly for JSON, XML, etc data.
I know folks are doing this (I won't name names, in case this thread
comes up with any vulnerabilities that would effect such existing
environments).
Let's just assume a typical deployment environment... replicated
Solr's behind a load balancer, maybe even a caching proxy.
What known vulnerabilities are there in Solr 1.3, for example?
What I think we can get out this is a Solr deployment configuration
suitable for direct browser access, but we're not safely there yet are
we? Is this an absurd goal? Must we always have a moving piece
between browser and data/search servers?
Thanks,
Erik