Dear Wiki user, You have subscribed to a wiki page or wiki category on "Solr Wiki" for change notification.
The following page has been changed by MatthiasEpheser: http://wiki.apache.org/solr/SolrJS ------------------------------------------------------------------------------ - = SolrJs = - == About == SolrJs is a javascript client library that is topic of a 2008 google summer of code project. It is currently work in progress, this page is intended to show the project's status, some technical documentation and a collection of thoughts about future features. The current trunk is accessible at [http://solrstuff.org/svn/solrjs/trunk] @@ -163, +161 @@ }}} + + == Security concerns == + + As we have to access the solr web app directly to get the json data, a discussion about security was raised on the user list. See Ryan's posting about a single, restricted request handler that only allows selects (NO updates and deletes) [http://www.nabble.com/Announcement-of-Solr-Javascript-Client-to17462581.html#a17462581]. This "ProxyServlet" even could check and modify some parameters to avoid dos attacks or similar (eg. restricting &rows= to a reasonable maximum). Using the jQuery-getJSON method makes it possible to create cross site json requests, so we even can attach this restricted read-only url path to the solr webapp. Every user may then point the javascript client to eg.http://solrserver/readonly/ +
