if I have a Lucene index (or Solr) that is installed in client
premises. how would you go about securing the index from being
queries in unauthorized fashion. For example, from malicious users
or hackers, or for that matter "internal" users trying to reengineer
the system and use it for purposes other than the way licensed.
any suggestions?
If all you care about is authentication, then just put something like
Apache with .htaccess in front of whatever GUI you've got that
exposes the index search functionality.
If you also need authorization (access control) for specific bits of
content, then see the Solr list for various discussions about how to
extend the index with ACL info that gets implicitly used with all
queries.
-- Ken
--
Ken Krugler
Krugle, Inc.
+1 530-210-6378
"If you can't find it, you can't fix it"
