That's only one example; there are others:
stream.body=<delete><id>blah</id></delete> or
<delete><query>id:*</query></delete>

Jack's comment is well taken; consider a real middleware application.


Best
Erick


On Mon, Dec 3, 2012 at 5:28 PM, Iwan Hanjoyo <ihanj...@gmail.com> wrote:

> > Note that Velocity _can_ be used for user-facing code, but be very sure you
> > secure your Solr. If you allow direct access, a user can easily enter
> > something like
> > http://<solr>/update?commit=true&stream.body=<delete><query>*:*</query></delete>.
> > And all your documents will be gone.
>
> Hi Erickson,
>
> Thank you for the input.
> I'll notice and filter out this URL.
> * http://<solr>/update?commit=true&stream.body=<delete><query>*:*</query></delete>
>
> Kind regards,
>
> Hanjoyo
>
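
The point made in this thread, as an added example that is not part of the original messages: a filter for the one quoted URL misses the other update bodies mentioned above, while a middleware layer that builds the Solr request itself never exposes the handler or parameter names. The host name, limits and function names are assumptions made for this sketch.

```python
import re
from urllib.parse import urlencode

# Constructed placeholder host; the thread only writes <solr>.
SOLR_BASE = "http://solr.internal.example:8983/solr"
BLOCKED = "<delete><query>*:*</query></delete>"
PAGE_SIZE, MAX_PAGE, MAX_LEN = 10, 100, 200  # assumed limits

# The three update bodies quoted in the thread.
THREAD_BODIES = [
    "<delete><query>*:*</query></delete>",
    "<delete><id>blah</id></delete>",
    "<delete><query>id:*</query></delete>",
]

def blocklist_allows(url):
    """'Filter out this URL': rejects only the one known string."""
    return BLOCKED not in url

def blocklist_results():
    """Run the blocklist over each body from the thread."""
    prefix = SOLR_BASE + "/update?commit=true&stream.body="
    return [blocklist_allows(prefix + body) for body in THREAD_BODIES]

def escape_query_text(text):
    """Backslash-escape Lucene query syntax so the text is treated as terms."""
    return re.sub(r'([+\-&|!(){}\[\]^"~*?:\\/])', r'\\\1', text)

def build_select_url(user_text, page=0):
    """Middleware approach: the user supplies search text and a page number.
    The handler path and every parameter name are fixed on the server side."""
    if not isinstance(page, int) or not 0 <= page <= MAX_PAGE:
        raise ValueError("page out of range")
    if not user_text or len(user_text) > MAX_LEN:
        raise ValueError("bad query length")
    params = {
        "q": escape_query_text(user_text),
        "start": page * PAGE_SIZE,
        "rows": PAGE_SIZE,
        "wt": "json",
    }
    return SOLR_BASE + "/select?" + urlencode(params)

if __name__ == "__main__":
    print(blocklist_results())            # blocklist verdict per thread body
    print(build_select_url("solr security", page=2))
```

Solr itself should still be reachable only from the middleware host, so that the URL built here is the only kind of request that arrives.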
