security - Locking down SOLR on ColdFusion 9 -

-

this might belong on serverfault, please move if does.

we discovered can list of solr indexes going to: http://example.com:8983/solr/ allows access solr admin each index. strikes as... bad thing. luckily though, locked down accessbile ip (our office ip via firewall), still means janitor can access our solr collections. not ideal.

one way circumvent has been remove admin folder, still allows people access http://example.com:8983/solr/ isn't ideal.

i've read through solr documentation on security, can't seem lock down access /solr/*. might case of looking @ wrong part of documentation.

using code documentation:

<security-constraint>   <web-resource-collection>     <web-resource-name>solr authenticated application</web-resource-name>     <url-pattern>/core1/*</url-pattern>   </web-resource-collection>   <auth-constraint>     <role-name>core1-role</role-name>   </auth-constraint> </security-constraint>  <login-config>   <auth-method>basic</auth-method>   <realm-name>test realm</realm-name> </login-config>

and replacing <url-pattern>/core1/*</url-pattern> actual solr collection name mean when visiting http://example.com:8983/solr/collection_name/ ask me login , password, however, when trying lock down /solr/* or * no such luck.

i'm using built in solr came cf9

is remote solr server or on same server cf9, if on same server cf9 can tell solr listen on 127.0.0.1. there patch cf 9.0.0 in 2010: http://www.adobe.com/support/security/bulletins/apsb10-04.html

if remote solr server, can use network firewall, or local firewall (windows firewall or iptables) limit access port (and possibly server) cf server.


Comments

Post a Comment

Popular posts from this blog

java - WrongTypeOfReturnValue exception thrown when unit testing using mockito -

-
my test list<person> mylist; @test public void testisvalidperson() { mylist = new arraylist<person>(); mylist.add(new person("tom")); when(persondao.get(person)).thenreturn(mylist); when((persondao.get(person)).isempty()).thenreturn(false);//------exception thrown boolean result = service.isvalid("tom"); assertfalse(result); } method tested: public boolean isvalid(string person){ persondao = new persondao(); person personobj = new person(person); return (persondao.get(person).isempty())?false : true; } exception thrown: org.mockito.exceptions.misusing.wrongtypeofreturnvalue: boolean cannot returned get() get() should return list *** if you're unsure why you're getting above error read on. due nature of syntax above problem might occur because: 1. exception *might* occur in wrongly written multi-threaded tests. please refer mockito faq on limitations of concurrency testing. 2. sp
Read more

php - Magento - Deleted Base url key -

-
i working on cleaning url: http://mydomain.com/shop/shop/deals i going through settings in configuration tab in admin panel on magento , change secure , unsecure base urls remove first base url "shop" web page read: http://mydomain.com/shop/deals so changed unsecure base urls mydomain.com/shop mydomain.com , secure 12.345.67.89/shop 12.345.67.89. wrong thing do. i cannot reload page or admin console. how access these files through ftp , change correctly there?? when make changes in admin panel changes made in database not in file. have make changes in database. 1.go database , select core_config_data table under table find web/unsecure/base_url , web/secure/base_url . make changes here. don't forget clear cache in var/cache folder
Read more

android - How to disable Button if EditText is empty ? -

-
i have edittext , button in application. when button clicked,the text entered in edittext added listview. i want disable button if edittext empty.how ? this code button click imagebutton imb=(imagebutton)findviewbyid(r.id.btn_send); imb.setonclicklistener(new onclicklistener() { @override public void onclick(view arg0) { edittext et = (edittext)findviewbyid(r.id.edittext1); string str = et.gettext().tostring(); web1.add(str); toast.maketext(shoutsingleprogram.this, "you entered...."+str, toast.length_short).show(); adapter1.notifydatasetchanged(); et.settext(""); } }); } how can ? edittext1.addtextchangedlistener(new textwatcher() { @override public void ontextchanged(charsequence s, int start, int before, in
Read more