If you really want to take all of the data, use a cursorMark. 😉

On Fri, Sep 2, 2022 at 18:38, Dave <hastings.recurs...@gmail.com> wrote:

> Exactly. This is a serious security loophole you would be opening up. What
> if I just ask for *:* and 500000000 rows to just, take all of your data,
> while crashing your server, and just keep doing it in 20 simultaneous
> calls  until it dies, and even if you wake it up I’ll just turn it back on
> and wreck it again to the point you just, won’t have a search server by the
> time I’m done?  At the very least no one else will get results unless you
> have some really good metal, at which point I up the simultaneous count
> until it just can’t serve.
>
> Just a thought,
>
>
> > On Sep 2, 2022, at 12:30 PM, Shawn Heisey <apa...@elyograg.org.invalid> wrote:
> >
> > On 9/1/22 19:06, Victoria Stuart (VictoriasJourney.com) wrote:
> >> I am moving from client-side (my personal local host environment; Linux) to Solr running as a standalone backend server on a cloud VPS.
> >>
> >> The web domain (mine) is SSL-only, and Solr is SSL-enabled with a signed (Let's Encrypt) certificate. My domain index.html page includes a search interface (input element) to Solr.
> >>
> >> I am largely unfamiliar with deployment of Solr to the web.
> >>
> >> SSL etc. is enabled in "solr.in.sh", as is Basic Authentication. "security.json" is present in "$SOLR_HOME". Access to the Admin UI is password-protected (my Solr administrator username, password) with "admin" role / privileges in Solr.
> >>
> >> I want to allow anonymous (i.e. any) users to be able to search the site; however they are being required to log in to Solr.
> >>
> >> How do I enable this - either in the Admin UI Security pane, or manually-editing "security.json"?
> >
> > You should NOT allow any IP address to get to Solr's port other than your applications and trusted admins.  If you follow that advice, then you probably don't even need authentication, just a restriction of source IP addresses.  If somebody compromises your application(s), then they would be able to get to Solr ... but that would also be the case even if you have authentication.
> >
> > End users should be using your application to do their searches, not a direct connection to Solr.
> >
> > Thanks,
> > Shawn
> >
>
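
The advice in this thread (end users search through the application, never Solr directly) comes down to the application building the Solr request itself. The following is an added example, not code from any poster or from the Solr project: it maps untrusted request arguments to a fixed, bounded parameter set so a client-supplied `rows` value never reaches Solr. The core name `site`, the field names, the limits and the loopback URL are assumptions.

```python
from urllib.parse import urlencode

# Assumed for this sketch: core "site", fields id/title/url/text, Solr bound to loopback.
SOLR_SELECT = "http://127.0.0.1:8983/solr/site/select"
PAGE_SIZE = 10        # rows is fixed by the server, never taken from the client
MAX_PAGE = 50         # bounds start at 490, so anonymous users cannot deep-page
MAX_QUERY_LEN = 200


class BadRequest(ValueError):
    """Raised when the untrusted input cannot be mapped to a safe query."""


def build_solr_params(user_args):
    """Translate untrusted request arguments into a fixed Solr parameter set."""
    q = (user_args.get("q") or "").strip()
    if not q or len(q) > MAX_QUERY_LEN:
        raise BadRequest("query missing or too long")
    # Conservative choice: refuse the local-params prefix so the client
    # cannot select a different query parser.
    if q.startswith("{!"):
        raise BadRequest("query form not allowed")
    try:
        page = int(user_args.get("page", "1"))
    except (TypeError, ValueError):
        raise BadRequest("page must be an integer")
    page = min(max(page, 1), MAX_PAGE)
    # Only q and the page offset come from the user. Any rows, fl, wt, start
    # or other key the client sent is simply never copied across.
    return {
        "q": q,
        "defType": "edismax",
        "qf": "title text",
        "fl": "id,title,url",
        "rows": PAGE_SIZE,
        "start": (page - 1) * PAGE_SIZE,
        "timeAllowed": 2000,   # milliseconds; caps time spent per search
        "wt": "json",
    }


def solr_url(user_args):
    """Full request URL the application would fetch on the user's behalf."""
    return SOLR_SELECT + "?" + urlencode(build_solr_params(user_args))
```

Even a match-all query returns at most one page here. Limiting simultaneous requests per client belongs in the application or reverse proxy and is not shown.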
