lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukáš Vlček <lukas.vl...@gmail.com>
Subject Re: New UI for SOLR-based projects
Date Sat, 31 Jan 2015 06:24:23 GMT
Nice work Roman!

Lukas

On Sat, Jan 31, 2015 at 4:36 AM, Roman Chyla <roman.chyla@gmail.com> wrote:

> I gather from your comment that I should update readme, because there could
> be people who would be inclined to use bumblebee development server in
> production: Beware those who enter through this gate! :-)
>
> Your point, that so far you haven't seen anybody share their middle layer
> can be addressed by pointing to the following projects:
>
> https://github.com/adsabs/solr-service
> https://github.com/adsabs/adsws
>
> These are also open source, we use them in production, and have oauth,
> microservices, rest, and rate limits, we know it is not perfect, but what
> is? ;-) pull requests welcome!
>
> Thanks,
>
> Roman
> On 30 Jan 2015 21:51, "Shawn Heisey" <apache@elyograg.org> wrote:
>
> > On 1/30/2015 1:07 PM, Roman Chyla wrote:
> > > There exists a new open-source implementation of a search interface for
> > > SOLR. It is written in Javascript (using Backbone), currently in
> version
> > > v1.0.19 - but new features are constantly coming. Rather than
> describing
> > it
> > > in words, please see it in action for yourself at
> http://ui.adslabs.org
> > -
> > > I'd recommend exploring facets, the query form, and visualizations.
> > >
> > > The code lives at: http://github.com/adsabs/bumblebee
> >
> > I have no wish to trivialize the work you've done.  I haven't looked
> > into the code, but a high-level glance at the documentation suggests
> > that you've put a lot of work into it.
> >
> > I do however have a strong caveat for your users.  I'm the guy holding
> > the big sign that says "the end is near" to anyone who will listen!
> >
> > By itself, this is an awesome tool for prototyping, but without some
> > additional expertise and work, there are severe security implications.
> >
> > If this gets used for a public Internet facing service, the Solr server
> > must be accessible from the end user's machine, which might mean that it
> > must be available to the entire Internet.
> >
> > If the Solr server is not sitting behind some kind of intelligent proxy
> > that can detect and deny aattempts to access certain parts of the Solr
> > API, then Solr will be wide open to attack.  A knowledgeable user that
> > has unfiltered access to a Solr server will be able to completely delete
> > the index, change any piece of information in the index, or send denial
> > of service queries that will make it unable to respond to legitimate
> > traffic.
> >
> > Setting up such a proxy is not a trivial task.  I know that some people
> > have done it, but so far I have not seen anyone share those
> > configurations.  Even with such a proxy, it might still be possible to
> > easily send denial of service queries.
> >
> > I cannot find any information in your README or the documentation links
> > that mentions any of these concerns.  I suspect that many who
> > incorporate this client into their websites will be unaware that their
> > setup may be insecure, or how to protect it.
> >
> > Thanks,
> > Shawn
> >
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message