
ubuntu-appstore-developers team mailing list archive

Re: Server-side plan

 

On Fri, May 31, 2013 at 8:05 AM, James Tait <james.tait@xxxxxxxxxxxxx> wrote:

> On 31/05/13 08:45, Michael Nelson wrote:
> > On Thu, May 30, 2013 at 10:57 PM, Martin Albisetti
> > <martin.albisetti@xxxxxxxxxxxxx> wrote:
> >> - Bring up a new solr instance, that will be directly available
> >> to query from clients. It will contain only public data
> >
> > Using the solr query syntax is great, but I'm not sure that it's a
> > good idea to ever expose the solr instance publicly. I'd think we
> > should instead initially have a simple proxy which does very little
> > filtering to a firewalled solr instance [1]?
>
> Agreed.  The Solr documentation states plainly that security is not
> Solr's concern.  My thoughts at this stage are that Solr syntax will
> be maintained, queries (reads) will be passed through unaltered (this
> is all public data after all), but updates (writes) will only be
> allowed from trusted sources, i.e. Software Centre Agent and possibly
> the Click Upload/Download Service.
>

How is this auth supposed to work? Shall we add authentication to the
request itself (for SCA) or will this be allowed based on an IP address
check? If the former, what kind of auth shall we use, plain, OAuth?


>
> > That'll enable us not only to gradually add filters and only allow
> > certain queries through, but also to later add other index api
> > functionality that may not be based on solr query syntax.
>
> Exactly.  I expect there'll be some tie-in to Ubuntu SSO and a
> sprinkling of OAuth along the way, as well as some sensible defaults
> to make things easier on the client side.
>
> Cheers,
>
> JT
> --
> James Tait, BSc. | https://launchpad.net/~jamestait/
> Software Engineer, Canonical Online Services, Web and Ops Team
> Ubuntu - Linux for human beings | www.ubuntu.com
>
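The policy discussed in this thread (reads passed through, writes only from trusted sources, nothing else exposed), written out as an added example that is not code from the thread or from the project. It applies both options raised in the reply together, a source-address check and a per-request signature; the handler paths, subnet, header names (`X-Writer-Id`, `X-Signature`) and key are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
from urllib.parse import urlsplit

# Assumed values, not from the thread: handler paths, network, header names, key.
READ_PATHS = {"/solr/select"}
WRITE_PATHS = {"/solr/update"}
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # constructed writer subnet
WRITER_KEYS = {"sca": b"constructed-demo-key"}  # constructed per-writer secret


def sign(key, method, path, body):
    """HMAC-SHA256 over method, path and body, as a trusted writer would send it."""
    msg = method.encode() + b"\n" + path.encode() + b"\n" + body
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def ip_trusted(client_ip):
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def signature_valid(method, path, body, headers):
    key = WRITER_KEYS.get(headers.get("X-Writer-Id", ""))
    if key is None:
        return False
    expected = sign(key, method, path, body)
    # Constant-time comparison so the check does not leak matching prefixes.
    return hmac.compare_digest(expected.encode(), headers.get("X-Signature", "").encode())


def authorize(method, url, client_ip, headers=None, body=b""):
    """Return (allowed, reason) for one request reaching the proxy."""
    headers = headers or {}
    path = urlsplit(url).path
    if path in READ_PATHS and method == "GET":
        return True, "public read"
    if path in WRITE_PATHS and method == "POST":
        if not ip_trusted(client_ip):
            return False, "source address not trusted"
        if not signature_valid(method, path, body, headers):
            return False, "missing or invalid signature"
        return True, "trusted writer"
    return False, "not exposed"
```

Paths are matched exactly and everything else is denied by default, so handlers other than the two listed never reach the firewalled instance.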
