On 06 Jan 2014, at 19:37 , Shawn Heisey <s...@elyograg.org> wrote: > On 1/6/2014 11:18 AM, Shawn Heisey wrote: >> Even if you disable admin handlers so that it's impossible to gather full >> information about your schema and other settings, generating legitimate >> queries is probably enough for an attacker to get the information they need. > > Self-replying on this point: If you *don't* disable admin handlers, an > attacker would also be able to simply unload the core and ask Solr to delete > it from disk. > > A side effect of disabling admin handlers is that the admin UI won't work > either. In terms of security hardening, that's a good thing ... but it makes > it *very* difficult to gather useful information about your installation's > health. >
If you want to apply some sort of access restrictions on the content, you will need a mechanism to identify the user and add parameters to restrict the result set. You will also need to stop the user from circumventing this mechanism, which basically means that the "raw" Solr endpoints must not be accessible to the user.
