replication has no builtin security
On Wed, May 27, 2009 at 8:37 PM, Matthew Gregg <matthew.gr...@gmail.com> wrote: > I would like the to protect both reads and writes. Reads could have a > significant impact. I guess the answer is no, replication has no built > in security? > > On Wed, 2009-05-27 at 20:11 +0530, Noble Paul നോബിള് नोब्ळ् wrote: >> The question is what all do you wish to protect. >> There are 'read' as well as 'write' attributes . >> >> The reads are the ones which will not cause any harm other than >> consuming some cpu cycles. >> >> The writes are the ones which can change the state of the system. >> >> The slave uses the 'read' API's which i feel may not need to be protected >> >> The other API's methods can have security . say dnappull, diableSnapPoll etc >> >> >> >> On Wed, May 27, 2009 at 7:47 PM, Matthew Gregg <matthew.gr...@gmail.com> >> wrote: >> > On Wed, 2009-05-27 at 19:06 +0530, Noble Paul നോബിള് नोब्ळ् wrote: >> >> On Wed, May 27, 2009 at 6:48 PM, Matthew Gregg <matthew.gr...@gmail.com> >> >> wrote: >> >> > Does replication in 1.4 support passing credentials/basic auth? If not >> >> > what is the best option to protect replication? >> >> do you mean protecting the url /replication ? >> > Yes I would like to put /replication behind basic auth, which I can do, >> > but replication fails. I naively tried the obvious >> > http://user:p...@host/replication, but that fails. >> > >> >> >> >> ideally Solr is expected to run in an unprotected environment. if you >> >> wish to introduce some security it has to be built by you. >> >> > >> >> > >> > I guess you meant Solr is expected to run in a "protected" environment? >> > It's pretty easy to put up a basic auth in front of Solr, but the >> > replication infra. in 1.4 doesn't seem to support it. Or does it, and I >> > just don't know how? >> > >> > -- >> > Matthew Gregg <matthew.gr...@gmail.com> >> > >> > >> >> >> > -- > Matthew Gregg <matthew.gr...@gmail.com> > > -- ----------------------------------------------------- Noble Paul | Principal Engineer| AOL | http://aol.com