On 31/05/13 08:45, Michael Nelson wrote:
> On Thu, May 30, 2013 at 10:57 PM, Martin Albisetti <[email protected]> wrote:
>> - Bring up a new solr instance, that will be directly available
>>   to query from clients. It will contain only public data
>
> Using the solr query syntax is great, but I'm not sure that it's a
> good idea to ever expose the solr instance publicly. I'd think we
> should instead initially have a simple proxy which does very little
> filtering to a firewalled solr instance [1]?

Agreed. The Solr documentation states plainly that security is not
Solr's concern. My thoughts at this stage are that Solr syntax will be
maintained, queries (reads) will be passed through unaltered (this is
all public data after all), but updates (writes) will only be allowed
from trusted sources, i.e. Software Centre Agent and possibly the
Click Upload/Download Service.

> That'll enable us not only to gradually add filters and only allow
> certain queries through, but also to later add other index api
> functionality that may not be based on solr query syntax.

Exactly. I expect there'll be some tie-in to Ubuntu SSO and a
sprinkling of OAuth along the way, as well as some sensible defaults
to make things easier on the client side.

Cheers,
JT
--
James Tait, BSc. | https://launchpad.net/~jamestait/
Software Engineer, Canonical Online Services, Web and Ops Team
Ubuntu - Linux for human beings | www.ubuntu.com
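
The read/write split discussed in this thread, sketched as a default-deny policy check a proxy in front of the firewalled Solr instance could apply. This is an added example, not part of the original messages or any Canonical code. Assumptions: the handler paths `/solr/select` and `/solr/update`, the caller identifiers, the short list of rejected query parameters, and that the caller's identity has already been authenticated upstream (for instance by the SSO/OAuth layer mentioned above).

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: stock Solr handler paths; the thread does not name them.
READ_HANDLERS = {"/solr/select"}
WRITE_HANDLERS = {"/solr/update"}

# Hypothetical identifiers for the trusted writers named in the thread.
TRUSTED_WRITERS = {"software-centre-agent", "click-upload-service"}

# Solr parameters that let a request reach beyond the read handler
# (handler selection, remote streaming, distributed search).
BLOCKED_PARAMS = {"qt", "shards", "stream.body", "stream.file", "stream.url"}


def decide(method, url, caller=None):
    """Return (allowed, reason) for one request arriving at the proxy.

    `caller` is the identity established by an upstream authentication
    layer (assumed), or None for anonymous clients.
    """
    parts = urlsplit(url)
    path = parts.path.rstrip("/")
    params = parse_qs(parts.query, keep_blank_values=True)

    if path in READ_HANDLERS:
        if method not in ("GET", "HEAD"):
            return False, "read handler accepts GET/HEAD only"
        bad = BLOCKED_PARAMS.intersection(params)
        if bad:
            return False, "blocked parameter: " + ", ".join(sorted(bad))
        return True, "public read"

    if path in WRITE_HANDLERS:
        if caller in TRUSTED_WRITERS:
            return True, "trusted writer"
        return False, "writes require a trusted caller"

    # Anything not explicitly listed (admin handlers, odd encodings,
    # path tricks) never reaches Solr.
    return False, "handler not allowlisted"


if __name__ == "__main__":
    # Constructed sample requests.
    for args in [("GET", "/solr/select?q=name:foo&rows=10"),
                 ("POST", "/solr/update?commit=true"),
                 ("POST", "/solr/update?commit=true", "software-centre-agent"),
                 ("GET", "/solr/select?q=*:*&qt=/update"),
                 ("GET", "/solr/admin/cores")]:
        print(args, "->", decide(*args))
```

Matching on an exact allowlist of paths means new filters or non-Solr index APIs can be added later as extra branches without loosening what already passes.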

