On Sep 23, 2006, at 3:57 PM, Otis Gospodnetic wrote:
How about another approach - expose all Solr admin data via HTTP/
XML, just like it's done with search requests?
i think that would be fantastic. thinking of solr as a hard core
service above and beyond lucene exposing all of its internals via
request handlers is the way to go.
having the schema and solrconfig files exposed opens interesting
possibilities for a client to introspect solr to that degree already,
but even more so exposing text analysis tools like analysis.jsp,
spell checking and highlighting services, and including all the stats
data for the caches. yeah! i'm +1.
the inevitable question is where does security fit into the picture.
solr has a couple of options for that without making things complicated:
* secure solr behind a firewall that is only open to your front-
end application
* configuring the request handlers in solrconfig.xml (or by
default not opening admin ones unless you uncomment example
configuration) so clients have a narrowing view of the solr system
(heh) than it allows (like decommissioning Pluto)
i think solr probably ought to up front mention all the security
options currently available and cut to the chase on why anything more
sophisticated is out of its scope. perhaps some authentication/
authorization as well as HTTPS should eventually make it into the
core, but getting more fine grained is unnecessary. thoughts?
Erik
