On 9/26/22 15:06, Victoria Stuart (VictoriasJourney.com) wrote:
> To clarify - in my case the web page has an input / search element that connects to Solr (running in the background) via an Ajax script.
This is a very bad idea. You've given end users direct access to your Solr server, which you should never do. The application should talk to Solr; end users shouldn't be able to make a network connection to it at all. Even if you have worked out exactly how to keep the users from changing the index, they would be able to craft denial of service queries that would keep the Solr server too busy to function normally.
Would you let end users have direct access to your database server's network port, even with TLS and strong passwords? I wouldn't.
Thanks, Shawn