lucene-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ken Krugler <>
Subject Re: Lucene authentication
Date Sat, 13 Dec 2008 17:36:27 GMT

>if I have a Lucene index (or Solr) that is installed in client 
>premises. how would you go about securing the index from being 
>queries in unauthorized fashion. For example, from malicious users 
>or hackers, or for that matter "internal" users trying to reengineer 
>the system and use it for purposes other than the way licensed.
>any suggestions?

If all you care about is authentication, then just put something like 
Apache with .htaccess in front of whatever GUI you've got that 
exposes the index search functionality.

If you also need authorization (access control) for specific bits of 
content, then see the Solr list for various discussions about how to 
extend the index with ACL info that gets implicitly used with all 

-- Ken
Ken Krugler
Krugle, Inc.
+1 530-210-6378
"If you can't find it, you can't fix it"

View raw message