lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erick Erickson <erickerick...@gmail.com>
Subject Re: How to change Solr UI
Date Tue, 04 Dec 2012 05:10:53 GMT
That's only one example, there are others,
stream.body=<delete><id>blah</id></delete>. or
<delete><query>id:*</query></delete>

Jack's comment is well taken, consider a real middleware application.


Best
Erick


On Mon, Dec 3, 2012 at 5:28 PM, Iwan Hanjoyo <ihanjoyo@gmail.com> wrote:

> >
> >
> > Note that Velocity _can_ be used for user-facing code, but be very sure
> you
> > secure your Solr. If you allow direct access, a user can easily enter
> > something like http://
> >
> <solr>/update?commit=true&stream.body=<delete><query>*:*</query></delete>.
> > And all your documents will be gone.
> >
> > Hi Erickson,
>
> Thank you for the input.
> I'll notice and filter out this url.
> * http://
> <solr>/update?commit=true&stream.body=<delete><query>*:*</query></delete>
>
> Kind regards,
>
> Hanjoyo
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message