I have a web app which gets its data from a Solr instance (Tomcat). Additional queries are done client side with AJAX, the data is directly pulled from Solr. Now this gives users the option to perform any query they like, and is of course a huge security hole. It's not a particularly big issue for this particular app, but I'm curious about how to fix this. How to secure Solr, when client side AJAX calls are required? (Preferably I would solve this with PHP.)
Instead of querying Solr directly, you could create a simple PHP wrapper that limits the types of queries that are possible. Then, the client queries this PHP script which then queries Solr. Once you've done that, you can limit access to the Solr server to localhost either through the firewall or with your Java application server.
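The wrapper this answer describes, as an added example that is not part of the original answer: it rebuilds the Solr request from an allowlist instead of forwarding the client's parameters. The core name `products`, the field names, the sort list and the limits are assumptions.

```php
<?php
// Added example: allowlisting Solr proxy. Core, fields and limits below are assumptions.
const SOLR_SELECT   = 'http://127.0.0.1:8983/solr/products/select'; // fixed handler on localhost
const FILTER_FIELDS = ['category', 'brand'];                 // fields clients may filter on
const SORTS         = ['score desc', 'price asc', 'price desc'];
const MAX_ROWS      = 50;

// Build the Solr parameters from scratch, so nothing the client sent
// (qt, shards, stream.*, fl, defType, unknown keys) is ever passed through.
function build_solr_params(array $in): array
{
    $term = is_string($in['q'] ?? null) ? trim($in['q']) : '';
    if ($term === '' || strlen($term) > 200) {
        throw new InvalidArgumentException('q is required and must be at most 200 bytes');
    }
    $params = [
        // Escape Lucene metacharacters: no field:value addressing, no {!local params}.
        'q'       => addcslashes($term, '+-&|!(){}[]^"~*?:\\/'),
        'defType' => 'edismax',
        'qf'      => 'title description',   // server decides which fields are searched
        'fl'      => 'id,title,price',      // server decides which fields are returned
        'wt'      => 'json',
        'rows'    => max(1, min(MAX_ROWS, (int)($in['rows'] ?? 10))),
        'start'   => max(0, min(1000, (int)($in['start'] ?? 0))),
    ];
    if (in_array($in['sort'] ?? null, SORTS, true)) {
        $params['sort'] = $in['sort'];
    }
    foreach ((array)($in['filter'] ?? []) as $field => $value) {
        if (in_array($field, FILTER_FIELDS, true) && is_string($value) && strlen($value) <= 100) {
            // Quoted phrase on an allowlisted field; only " and \ need escaping inside quotes.
            $params['fq'][] = $field . ':"' . addcslashes($value, '"\\') . '"';
        }
    }
    return $params;
}

if (PHP_SAPI !== 'cli') {   // web entry point: the only URL the browser's AJAX calls reach
    header('Content-Type: application/json');
    try {
        // Solr expects repeated fq=... parameters, not PHP's fq[0]=... form.
        $qs   = preg_replace('/%5B\d+%5D=/', '=', http_build_query(build_solr_params($_GET)));
        $ctx  = stream_context_create(['http' => ['timeout' => 3]]);
        $body = @file_get_contents(SOLR_SELECT . '?' . $qs, false, $ctx);
        if ($body === false) { http_response_code(502); $body = '{"error":"search unavailable"}'; }
        echo $body;
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo json_encode(['error' => $e->getMessage()]);
    }
}
```

The script needs `allow_url_fopen` enabled; once Solr is restricted to localhost as the answer suggests, this script is the only route from the browser to the index.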