lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Norberto Meijome <numard...@gmail.com>
Subject Re: Solr document security
Date Thu, 25 Jun 2009 11:43:39 GMT
On Wed, 24 Jun 2009 23:20:26 -0700 (PDT)
pof <MelbourneBeerBaron@gmail.com> wrote:

> 
> Hi, I am wanting to add document-level security that works as following: An
> external process makes a query to the index, depending on their security
> allowences based of a login id a list of hits are returned minus any the
> user are meant to know even exist. I was thinking maybe a custom filter with
> a JDBC connection to check security of the user vs. the document. I'm not
> sure how I would add the filter or how to write the filter or how to get the
> login id from a GET parameter. Any suggestions, comments etc.?

Hi Brett,
(keeping in mind that i've been away from SOLR for 8 months, but i
dont think this was added of late)

standard approach is to manage security @ your
application layer, not @ SOLR. ie, search, return documents (which should
contain some kind of data to identify their ACL ) and then you can decide
whether to show it or not. 

HIH
_________________________
{Beto|Norberto|Numard} Meijome

"They never open their mouths without subtracting from the sum of human
knowledge." Thomas Brackett Reed

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.

Mime
View raw message