Hi,
I've used Solr a little at work where we have our own hardware with all
the memory we want. However, I would also like to use Solr on a
small-ish website that I run off of a VPS with 512MB of RAM. I tried
this (untuned) for a while, and Tomcat/Solr would just grab up all my
memory
Are there any security risks to passing a query directly to Solr without
doing any sort of escaping? I am using URL encoding, so '' and such
are being encoded into their %XX equivalents.
Still, should I be doing anything else? Is there such a thing as a
Solr-injection attack?
Thanks,
Micah
queries can't do updates, so passing on raw user queries is OK.
Solr errors for bad query syntax are not pretty, so you will want to
catch those and print a real error message.
wunder
On 11/6/07 8:52 AM, Micah Wedemeyer [EMAIL PROTECTED] wrote:
Are there any security risks to passing a query