ubuntu-appstore-developers team mailing list archive

[James Tait <james.tait@xxxxxxxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 31/05/13 08:45, Michael Nelson wrote:
> On Thu, May 30, 2013 at 10:57 PM, Martin Albisetti 
> <martin.albisetti@xxxxxxxxxxxxx
> <mailto:martin.albisetti@xxxxxxxxxxxxx>> wrote:
>> - Bring up a new solr instance, that will be directly available
>> to query from clients. It will contain only public data
> 
> Using the solr query syntax is great, but I'm not sure that it's a
> good idea to ever expose the solr instance publicly. I'd think we
> should instead initially have a simple proxy which does very little
> filtering to a firewalled solr instance [1]?

Agreed.  The Solr documentation states plainly that security is not
Solr's concern.  My thoughts at this stage are that Solr syntax will
be maintained, queries (reads) will be passed through unaltered (this
is all public data after all), but updates (writes) will only be
allowed from trusted sources, i.e. Software Centre Agent and possibly
the Click Upload/Download Service.

> That'll enable us not only to gradually add filters and only allow 
> certain queries through, but also to later add other index api 
> functionality that may not be based on solr query syntax.

Exactly.  I expect there'll be some tie-in to Ubuntu SSO and a
sprinkling of OAuth along the way, as well as some sensible defaults
to make things easier on the client side.

Cheers,

JT
- -- 
James Tait, BSc. | https://launchpad.net/~jamestait/
Software Engineer, Canonical Online Services, Web and Ops Team
Ubuntu - Linux for human beings | www.ubuntu.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlGohAUACgkQyDo4xMNTLibVAACg5WiergS0cL9tjRHkM1IrR6Bx
puoAoJ3tYzfBAXe0SYX003fJG46H+OwJ
=P0Yk
-----END PGP SIGNATURE-----