Vijayant Kumar wrote:
Hi Xavier,
Thanks for your feedback
the firewall rule for the trusted IP is not fessiable for us because the
application is open for public so we can not work through IP banning.
Vijayant Kumar wrote:
Hi Group,
I need some feedback on solr security.
For Making by solr admin password protected,
I had used the Path Based Authentication form
http://wiki.apache.org/solr/SolrSecurity.
In this way my admin area,search,delete,add to index is protected.But
Now
when I make solr authenticated then for every update/delete from the
fornt
end is blocked without authentication.
I do not need this authentication from the front end so I simply pass
the
username and password to the solr in my fornt end scripts and it is
working fine. I had done it in the below way.
http://username:passw...@localhost:8983/solr/admin/update
I need your suggestion and feed back on the above method.Is it fessiable
method and secure? TO over come from this issue is there any alternate
method?
Hey,
there is at least another solution. You can set a firewall rule that
allow connections to the Solr's port only from trusted IPs.
Do your users connect directly to Solr ?
I mean, the firewall rule is for the solr client, i.e. the computer that
host the application that connect to Solr.
