lucene-solr-user mailing list archives

From Walter Underwood <wunderw...@netflix.com>
Subject Re: escaping characters and security
Date Tue, 06 Nov 2007 17:17:55 GMT
Also, this page has a list of special characters that you may want
to escape:

  http://lucene.apache.org/java/docs/queryparsersyntax.html

wunder

On 11/6/07 9:15 AM, "Walter Underwood" <wunderwood@netflix.com> wrote:

> Solr queries can't do updates, so passing on raw user queries is OK.
> 
> Solr errors for bad query syntax are not pretty, so you will want to
> catch those and print a real error message.
> 
> wunder
> 
> On 11/6/07 8:52 AM, "Micah Wedemeyer" <mwedeme@emory.edu> wrote:
> 
>> Are there any security risks to passing a query directly to Solr without
>> doing any sort of escaping?  I am using URL encoding, so '&' and such
>> are being encoded into their %XX equivalents.
>> 
>> Still, should I be doing anything else?  Is there such a thing as a
>> Solr-injection attack?
>> 
>> Thanks,
>> Micah
> 
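
An added example, not part of the original messages and not Solr's own code: it escapes the special characters listed on the query parser syntax page linked above so user text is matched literally, then URL-encodes the result, showing that URL encoding alone hands the metacharacters to the parser unchanged. The function names and the sample string are assumptions made for illustration.

```python
import re
from urllib.parse import urlencode, parse_qs

# Special characters from the Lucene query parser syntax page:
#   + - && || ! ( ) { } [ ] ^ " ~ * ? : \
# '&' and '|' are escaped one at a time, which also covers '&&' and '||'.
_LUCENE_SPECIAL = re.compile(r'([+\-&|!(){}\[\]^"~*?:\\])')


def escape_lucene(text):
    """Backslash-escape query parser metacharacters in user-supplied text."""
    return _LUCENE_SPECIAL.sub(r'\\\1', text)


def encode_for_solr(user_text, escape=True):
    """Build the URL query string carrying user_text in the q parameter.

    Layer 1 (optional): escape for the Lucene query parser.
    Layer 2 (always):   percent-encode for HTTP transport.
    """
    q = escape_lucene(user_text) if escape else user_text
    return urlencode({"q": q})


def as_seen_by_parser(query_string):
    """Undo the percent-encoding the way the receiving server does,
    returning the string that is handed to the query parser."""
    return parse_qs(query_string)["q"][0]


if __name__ == "__main__":
    sample = 'C++ (2nd ed.): "new?"'  # constructed sample input

    raw = encode_for_solr(sample, escape=False)
    safe = encode_for_solr(sample)

    # URL encoding is reversed before parsing, so the parser still
    # receives every metacharacter when only layer 2 is applied.
    print("sent (URL-encoded only):", raw)
    print("parser receives        :", as_seen_by_parser(raw))
    print("sent (escaped + encoded):", safe)
    print("parser receives        :", as_seen_by_parser(safe))
```

Escaping this way is for treating input as literal text; it also disables the user's ability to write operators, wildcards and field queries.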

