Be aware that even /select could have some harmful effects, see
https://issues.apache.org/jira/browse/SOLR-2854 (addressed on trunk).
Even disregarding that issue, /select is a potential gateway to any request
handler defined via /select?qt=/req_handler.
Again, in general it's not a good idea to expose Solr to anything but a
controlled app server.
Erik
On Nov 1, 2011, at 15:51, Alireza Salimi wrote:
> What if we just expose '/select' paths - by firewalls and load balancers - and
> also use SSL and HTTP basic or digest access control?
>
> On Tue, Nov 1, 2011 at 2:20 PM, Chris Hostetter
> <[email protected]> wrote:
>
>>
>> : I was wondering if it's a good idea to expose Solr to the outside world,
>> : so that our clients running on smart phones will be able to use Solr.
>>
>> As a general rule of thumb, I would say that it is not a good idea to
>> expose solr directly to the public internet.
>>
>> there are exceptions to this rule -- AOL hosted some live solr instances
>> of the Sarah Palin emails for HufPo -- but it is definitely an expert
>> level type thing for people who are so familiar with solr they know
>> exactly what to lock down to make it "safe"
>>
>> for typical users: put an application between your untrusted users and
>> solr and only let that application generate "safe" well-formed requests to
>> Solr...
>>
>> https://wiki.apache.org/solr/SolrSecurity
>>
>>
>> -Hoss
>>
>
>
>
> --
> Alireza Salimi
> Java EE Developer
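
The advice in this thread (an application between untrusted users and Solr that generates the requests itself, so that a client-supplied `qt` never reaches `/select`) could look like the following on the app server. This is an added example, not code from the thread or from Solr; the Solr address, the field list, the limits and the client parameter names `text`, `page` and `rows` are assumptions.

```python
import re
from urllib.parse import parse_qs, urlencode

# Assumed internal address: Solr is reachable only from the app server.
SOLR_SELECT = "http://127.0.0.1:8983/solr/select"
# Parameters the application always sets itself (hypothetical field list).
FIXED = {"fl": "id,title", "wt": "json"}
MAX_ROWS, MAX_PAGE, MAX_LEN = 20, 50, 200  # assumed limits

# Characters that carry meaning in the Lucene/Solr query syntax.
_SPECIAL = re.compile(r'([+\-!(){}\[\]^"~*?:\\/&|])')


def escape_term(text):
    """Backslash-escape query syntax so user text is searched as literal terms."""
    return _SPECIAL.sub(r"\\\1", text)


def build_solr_url(client_query_string):
    """Map the app's own parameters (text, page, rows) to a fixed-shape /select URL.

    Nothing is copied through from the client: only these three values are
    read, so qt and any other Solr parameter the client sends is dropped.
    Raises ValueError on missing or out-of-range input.
    """
    client = parse_qs(client_query_string)
    text = client.get("text", [""])[0].strip()
    if not text or len(text) > MAX_LEN:
        raise ValueError("text is required and limited in length")
    try:
        page = int(client.get("page", ["0"])[0])
        rows = int(client.get("rows", ["10"])[0])
    except ValueError:
        raise ValueError("page and rows must be integers")
    if not (0 <= page <= MAX_PAGE and 1 <= rows <= MAX_ROWS):
        raise ValueError("page or rows out of range")
    params = dict(FIXED, q=escape_term(text), start=page * rows, rows=rows)
    return SOLR_SELECT + "?" + urlencode(sorted(params.items()))


if __name__ == "__main__":
    # Constructed client request that tries to pick a request handler via qt.
    print(build_solr_url("text=title:foo&qt=/req_handler&page=2&rows=5"))
```
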