I gather from your comment that I should update the readme, because there could be people who would be inclined to use the bumblebee development server in production: Beware those who enter through this gate! :-)
Your point, that so far you haven't seen anybody share their middle layer, can be addressed by pointing to the following projects:

https://github.com/adsabs/solr-service
https://github.com/adsabs/adsws

These are also open source, we use them in production, and have oauth, microservices, rest, and rate limits. We know it is not perfect, but what is? ;-) Pull requests welcome!

Thanks,

Roman

On 30 Jan 2015 21:51, "Shawn Heisey" <apa...@elyograg.org> wrote:

> On 1/30/2015 1:07 PM, Roman Chyla wrote:
> > There exists a new open-source implementation of a search interface for
> > SOLR. It is written in Javascript (using Backbone), currently in version
> > v1.0.19 - but new features are constantly coming. Rather than describing it
> > in words, please see it in action for yourself at http://ui.adslabs.org -
> > I'd recommend exploring facets, the query form, and visualizations.
> >
> > The code lives at: http://github.com/adsabs/bumblebee
>
> I have no wish to trivialize the work you've done. I haven't looked
> into the code, but a high-level glance at the documentation suggests
> that you've put a lot of work into it.
>
> I do however have a strong caveat for your users. I'm the guy holding
> the big sign that says "the end is near" to anyone who will listen!
>
> By itself, this is an awesome tool for prototyping, but without some
> additional expertise and work, there are severe security implications.
>
> If this gets used for a public Internet facing service, the Solr server
> must be accessible from the end user's machine, which might mean that it
> must be available to the entire Internet.
>
> If the Solr server is not sitting behind some kind of intelligent proxy
> that can detect and deny attempts to access certain parts of the Solr
> API, then Solr will be wide open to attack. A knowledgeable user that
> has unfiltered access to a Solr server will be able to completely delete
> the index, change any piece of information in the index, or send denial
> of service queries that will make it unable to respond to legitimate
> traffic.
>
> Setting up such a proxy is not a trivial task. I know that some people
> have done it, but so far I have not seen anyone share those
> configurations. Even with such a proxy, it might still be possible to
> easily send denial of service queries.
>
> I cannot find any information in your README or the documentation links
> that mentions any of these concerns. I suspect that many who
> incorporate this client into their websites will be unaware that their
> setup may be insecure, or how to protect it.
>
> Thanks,
> Shawn
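
An added example, not part of the original thread and not code from bumblebee, solr-service or adsws: a minimal allowlist check of the kind a filtering proxy in front of Solr could apply before forwarding a request, as discussed in the quoted message. The core name `collection1`, the permitted parameters and the numeric limits are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed for this sketch: a single core named "collection1" and read-only
# search through its /select handler; names and limits are illustrative.
ALLOWED_PATHS = {"/solr/collection1/select"}
ALLOWED_PARAMS = {"q", "fq", "fl", "sort", "start", "rows", "wt",
                  "facet", "facet.field"}
LIMITS = {"rows": 100, "start": 10_000}   # caps on result size and paging depth
MAX_QUERY_LEN = 512


def check_request(method, url):
    """Return (allowed, reason) for a client request headed to Solr."""
    if method != "GET":
        return False, "method not allowed"
    parts = urlsplit(url)
    # Exact match on the raw, undecoded path: anything outside the one search
    # handler (update, admin, other cores, odd encodings) is refused.
    if parts.path not in ALLOWED_PATHS:
        return False, "path not allowed"
    # parse_qsl percent-decodes names, so encoded spellings are checked too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in ALLOWED_PARAMS:
            return False, f"parameter not allowed: {name}"
        if name in LIMITS:
            if not (value.isascii() and value.isdigit()) or int(value) > LIMITS[name]:
                return False, f"{name} out of range"
        elif name in ("q", "fq") and len(value) > MAX_QUERY_LEN:
            return False, f"{name} too long"
        elif name == "wt" and value != "json":
            return False, "wt not allowed"
    return True, "ok"


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    ("GET", "/solr/collection1/select?q=title%3Astar&rows=10&wt=json"),
    ("POST", "/solr/collection1/update?commit=true"),
    ("GET", "/solr/collection1/update?commit=true"),
    ("GET", "/solr/admin/cores?action=STATUS"),
    ("GET", "/solr/collection1/select?q=star&debugQuery=true"),
    ("GET", "/solr/collection1/select?q=star&rows=1000000"),
]

if __name__ == "__main__":
    for method, url in SAMPLES:
        print(method, url, "->", check_request(method, url))
```

A check like this only limits which handler and parameters are reachable; it does not bound the cost of an individual allowed query, so rate limiting and query timeouts are still needed behind it.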