Re: Lucene - Authentication
13 dec 2008 kl. 06.05 skrev Aaron Schon: Hi , if I have a Lucene index (or Solr) that is installed in client premises. how would you go about securing the index from being queries in unauthorized fashion. For example, from malicious users or hackers, or for that matter internal users trying to reengineer the system and use it for purposes other than the way licensed. any suggestions? You need to tell us a bit more about your application: what it does, what the index contains, what parts you don't want users to access, et c. Could you distribute an index that only contains the data the users are allowed to see? If not, why? My guess is that it will be hard. Anyone could reconstruct the documents from the index files. If you came up with some encryption of the index then you would have to distribute the key in the source code and that could be extracted using a decompiler, even if you obusticated the code. An obfusticated index could also be broken using decompiler. And if you allow users to place queries and see the results then it's probably possible to reconstruct the raw data that way. karl - To unsubscribe, e-mail: java-user-unsubscr...@lucene.apache.org For additional commands, e-mail: java-user-h...@lucene.apache.org
Re: Lucene - Authentication
: X-Mailer: YahooMailRC/1155.45 YahooMailWebService/0.7.260.1 : References: 1229011161.7448.10.ca...@nuraku : 32a1c320812110848u302dd645h4143205068fe3...@mail.gmail.com : 1229015253.7448.12.ca...@nuraku : 295da8fe0812110932x3b31380dla64b09f1b09be...@mail.gmail.com : 1229018304.7448.24.ca...@nuraku : 295da8fe0812111733n529163a7r6fb51fec4db16...@mail.gmail.com : 1229085896.26037.0.ca...@nuraku 49426127.9060...@informatics.jax.org : 1229130748.24089.15.ca...@nuraku : Date: Fri, 12 Dec 2008 21:05:29 -0800 (PST) : Subject: Lucene - Authentication http://people.apache.org/~hossman/#threadhijack Thread Hijacking on Mailing Lists When starting a new discussion on a mailing list, please do not reply to an existing message, instead start a fresh email. Even if you change the subject line of your email, other mail headers still track which thread you replied to and your question is hidden in that thread and gets less attention. It makes following discussions in the mailing list archives particularly difficult. See Also: http://en.wikipedia.org/wiki/Thread_hijacking -Hoss - To unsubscribe, e-mail: java-user-unsubscr...@lucene.apache.org For additional commands, e-mail: java-user-h...@lucene.apache.org
