
Solr security for web apps

I have a web app which gets its data from a Solr instance (Tomcat). Additional queries are done client side with AJAX; the data is pulled directly from Solr. Now this gives users the option to perform any query they like, and is of course a huge security hole. It's not a particularly big issue for this particular app, but I'm curious about how to fix this. How to secure Solr when client-side AJAX calls are required? (Preferably I would solve this with PHP.)

Eelke asked May 04 '26 02:05



1 Answer

Instead of querying Solr directly, you could create a simple PHP wrapper that limits the types of queries that are possible. Then, the client queries this PHP script, which then queries Solr. Once you've done that, you can limit access to the Solr server to localhost either through the firewall or with your Java application server.

jmans answered May 05 '26 23:05
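
A minimal sketch of the kind of wrapper the answer above describes, added here as an example and not part of the original answer. The Solr address, core name, field names, sort options and limits are all assumptions chosen for illustration.

```php
<?php
// search.php: the only search endpoint the browser may call (added example).
// Assumptions: Solr is bound to 127.0.0.1:8080 under Tomcat, the core is named
// "products", and the fields id/title/price/created exist; all are hypothetical.
declare(strict_types=1);
const SOLR_SELECT   = 'http://127.0.0.1:8080/solr/products/select';
const ALLOWED_SORTS = ['relevance' => 'score desc', 'newest' => 'created desc'];
const MAX_ROWS      = 50;
/** Turn untrusted request input into a fixed, server-chosen set of Solr parameters. */
function buildSolrParams(array $in): array
{
    $text = $in['q'] ?? '';
    if (!is_string($text) || ($text = trim($text)) === '' || strlen($text) > 200) {
        throw new InvalidArgumentException('q must be a string of 1-200 bytes');
    }
    // Escape Lucene syntax: no field selectors, ranges, wildcards or {!local params}.
    $escaped = addcslashes($text, '+-&|!(){}[]^"~*?:\\/');
    $sortKey = is_string($in['sort'] ?? null) ? $in['sort'] : 'relevance';
    $rows    = max(1, min(MAX_ROWS, (int)($in['rows'] ?? 10)));
    $page    = max(0, min(100, (int)($in['page'] ?? 0)));
    // Only these keys ever reach Solr; anything else the client sent is dropped.
    return [
        'q'     => $escaped,
        'fl'    => 'id,title,price',   // fields the client is allowed to see
        'sort'  => ALLOWED_SORTS[$sortKey] ?? ALLOWED_SORTS['relevance'],
        'rows'  => $rows,
        'start' => $page * $rows,
        'wt'    => 'json',
    ];
}

/** Query the fixed /select handler; needs allow_url_fopen enabled. */
function fetchFromSolr(array $params): string
{
    $ctx  = stream_context_create(['http' => ['timeout' => 3]]);
    $body = @file_get_contents(SOLR_SELECT . '?' . http_build_query($params), false, $ctx);
    if ($body === false) {
        throw new RuntimeException('search backend unavailable');
    }
    return $body;
}

header('Content-Type: application/json; charset=utf-8');
try {
    echo fetchFromSolr(buildSolrParams($_GET));
} catch (InvalidArgumentException | RuntimeException $e) {
    http_response_code($e instanceof InvalidArgumentException ? 400 : 502);
    echo json_encode(['error' => $e->getMessage()]);
}
```

With Solr's port restricted to localhost as the answer suggests, this script is the only path from the browser to the index, so the handler, returned fields and result size are decided on the server rather than by the client.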



