lucene-solr-user mailing list archives

From Walter Underwood <wunderw...@netflix.com>
Subject Re: escaping characters and security
Date Tue, 06 Nov 2007 17:15:23 GMT
Solr queries can't do updates, so passing on raw user queries is OK.

Solr errors for bad query syntax are not pretty, so you will want to
catch those and print a real error message.

wunder

On 11/6/07 8:52 AM, "Micah Wedemeyer" <mwedeme@emory.edu> wrote:

> Are there any security risks to passing a query directly to Solr without
> doing any sort of escaping?  I am using URL encoding, so '&' and such
> are being encoded into their %XX equivalents.
> 
> Still, should I be doing anything else?  Is there such a thing as a
> Solr-injection attack?
> 
> Thanks,
> Micah
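
Added example, not part of the original thread: a Python sketch of the two points discussed above, keeping the user's text inside the `q` parameter via URL encoding and turning a rejected query into a readable message. The endpoint URL, the function names, and the mapping of a syntax error to HTTP 400 are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed endpoint for illustration; not taken from the thread.
SOLR_SELECT = "http://localhost:8983/solr/select"

def naive_select_url(user_query, rows=10):
    # String concatenation: '&' and '=' in the input become parameter syntax.
    return f"{SOLR_SELECT}?q={user_query}&rows={rows}"

def build_select_url(user_query, rows=10):
    # urlencode percent-encodes the value, so the whole input stays inside q.
    return SOLR_SELECT + "?" + urlencode({"q": user_query, "rows": rows})

def params_seen_by_server(url):
    # Parse the query string the way the receiving side would split it.
    return parse_qs(urlsplit(url).query, keep_blank_values=True)

def search(user_query, fetch):
    """Run a search; fetch(url) -> (http_status, body) is injected so this runs offline."""
    status, body = fetch(build_select_url(user_query))
    if status == 200:
        return {"ok": True, "body": body}
    if status == 400:
        # Assumption: a query the parser rejects comes back as HTTP 400.
        return {"ok": False, "message": "We could not understand that search. "
                "Check for unbalanced quotes or parentheses."}
    # Anything else: do not echo the server's error page to the user.
    return {"ok": False, "message": "Search is temporarily unavailable."}

if __name__ == "__main__":
    sample = "rock&roll&rows=500"  # constructed input
    print(params_seen_by_server(naive_select_url(sample)))
    print(params_seen_by_server(build_select_url(sample)))
    fake_fetch = lambda url: (400, "<html>parse error</html>")  # constructed response
    print(search('title:"unbalanced', fake_fetch))
```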

