That URL to your Solr Admin page should never be exposed to the outside world. You can play with network, routing, DNS and other similar things to make sure one can't get to this from the outside even if the URL is know.
Otis -- Sematext -- http://sematext.com/ -- Lucene - Solr - Nutch ----- Original Message ---- > From: pof <melbournebeerba...@gmail.com> > To: solr-user@lucene.apache.org > Sent: Thursday, June 25, 2009 7:40:12 PM > Subject: Re: Solr document security > > > Thats what I was going to do originally, however what is stopping a user from > simply running a search through http://localhost:8983/solr/admin/ of the > index server? > > > Norberto Meijome-6 wrote: > > > > On Wed, 24 Jun 2009 23:20:26 -0700 (PDT) > > pof wrote: > > > >> > >> Hi, I am wanting to add document-level security that works as following: > >> An > >> external process makes a query to the index, depending on their security > >> allowences based of a login id a list of hits are returned minus any the > >> user are meant to know even exist. I was thinking maybe a custom filter > >> with > >> a JDBC connection to check security of the user vs. the document. I'm not > >> sure how I would add the filter or how to write the filter or how to get > >> the > >> login id from a GET parameter. Any suggestions, comments etc.? > > > > Hi Brett, > > (keeping in mind that i've been away from SOLR for 8 months, but i > > dont think this was added of late) > > > > standard approach is to manage security @ your > > application layer, not @ SOLR. ie, search, return documents (which should > > contain some kind of data to identify their ACL ) and then you can decide > > whether to show it or not. > > > > HIH > > _________________________ > > {Beto|Norberto|Numard} Meijome > > > > "They never open their mouths without subtracting from the sum of human > > knowledge." Thomas Brackett Reed > > > > I speak for myself, not my employer. Contents may be hot. Slippery when > > wet. > > Reading disclaimers makes you go blind. Writing them is worse. You have > > been > > Warned. > > > > > > -- > View this message in context: > http://www.nabble.com/Solr-document-security-tp24197620p24212752.html > Sent from the Solr - User mailing list archive at Nabble.com.
