Hi Aaron, Are you talking about Securing Lucene Index ?
If so You can try using https://code.google.com/p/lucenetransform/. Thanks and Regards Vignesh Srinivasan 9739135640 On Mon, Jun 24, 2013 at 11:21 AM, Aaron Greenspan <aar...@thinkcomputer.com>wrote: > Hi, > > Some more unsolicited feedback since my last experience setting up Solr… > > I am concerned that having a duplicate copy of a large part of my database > up on the internet at a guessable location, available for the world to see, > is probably not such a good idea. So I went to look up the various methods > available to secure Solr, and found that all of them are terrible, if > recent documentation is even available, which it's often not. Most of the > blog posts I found are from 2010, presumably long before the version I use > was created. > > According to the Solr Security wiki ( > http://wiki.apache.org/solr/SolrSecurity), it looks like you can edit > some XML files (if you can find them) in complex ways to turn on HTTP > authentication, or you can restrict the IP that Solr runs on. Less clear is > some way to change the default port number from 8983. > > The wiki itself is full of semi-useless information, which is pretty > infuriating since it's supposed to be the best source. The XML edits seem > to change for different versions of Solr. Statements like "standard Java > web security can be added by tuning the container and the Solr web > application configuration itself via web.xml" are not helpful to me. I > don't know what "standard Java web security" is, nor am I inclined to trust > it since "Java security" is already believed by many to be something of an > oxymoron. I don't have any idea where the file web.xml is--the default Solr > install is a nest of needlessly complex folders. (Is it the one at > ~/example/solr-webapp/webapp/WEB-INF/web.xml?) At the end of the page, > there is a reference to "server.xml", but according to my install there is > no such file. > > Basically, instead of (or at least on top of) this giant mess, the web > interface for Solr should prompt the user, before doing anything else, to > set up an administrative username and password, which one should be able to > optionally require for queries and/or updates. It's just common sense. If I > remember correctly, Netscape Enterprise Server prompted you to do that a > decade and a half ago, and the internet has gotten a lot less friendly > since then. You should also be able to limit the IP addresses that Solr > runs on through the web interface, and change the port if desired, (or > add/remove/edit users and passwords). > > The web server should also log when someone signs into the administrative > interface, and from what IP address. There's probably some way to do this > through the "Logging/Level" tree, but it's not exactly clear to me. > > In the meantime, I found that the approach most likely to work, and least > likely to take a week to implement, was just to use iptables to set up a > firewall on port 8983. Contrary to what one post on StackExchange (voted > -1) says, it works only if you do the ACCEPT rules (iptables -A INPUT -p > tcp -s xxx.xxx.xxx.xxx --dport 8983 -j ACCEPT) before the DROP all rule > (iptables -A INPUT -p tcp --dport 8983 -j DROP). But either way, that's a > pretty ridiculous solution. I don't know of any other server product that > disregards security so willingly. > > Aaron > > > Aaron Greenspan > President & CEO > Think Computer Corporation > > telephone +1 415 670 9350 > fax +1 415 373 3959 > e-mail aar...@thinkcomputer.com > web http://www.thinkcomputer.com > > > -- Thanks and Regards Vignesh Srinivasan 9739135640
