ubuntu-appstore-developers team mailing list archive

Thread
Date

Re: Server-side plan

To: James Tait <james.tait@xxxxxxxxxxxxx>
From: Ricardo Kirkner <ricardo.kirkner@xxxxxxxxxxxxx>
Date: Fri, 31 May 2013 08:58:54 -0300
Cc: ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx
In-reply-to: <51A88405.4010603@canonical.com>

On Fri, May 31, 2013 at 8:05 AM, James Tait <james.tait@xxxxxxxxxxxxx>wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 31/05/13 08:45, Michael Nelson wrote:
> > On Thu, May 30, 2013 at 10:57 PM, Martin Albisetti
> > <martin.albisetti@xxxxxxxxxxxxx
> > <mailto:martin.albisetti@xxxxxxxxxxxxx>> wrote:
> >> - Bring up a new solr instance, that will be directly available
> >> to query from clients. It will contain only public data
> >
> > Using the solr query syntax is great, but I'm not sure that it's a
> > good idea to ever expose the solr instance publicly. I'd think we
> > should instead initially have a simple proxy which does very little
> > filtering to a firewalled solr instance [1]?
>
> Agreed.  The Solr documentation states plainly that security is not
> Solr's concern.  My thoughts at this stage are that Solr syntax will
> be maintained, queries (reads) will be passed through unaltered (this
> is all public data after all), but updates (writes) will only be
> allowed from trusted sources, i.e. Software Centre Agent and possibly
> the Click Upload/Download Service.
>

How is this auth supposed to work? Shall we add authentication to the
request itself (for SCA) or will this be allowed based on an IP address
check? If the former, what kind of auth shall we use, plain, oauth?


>
> > That'll enable us not only to gradually add filters and only allow
> > certain queries through, but also to later add other index api
> > functionality that may not be based on solr query syntax.
>
> Exactly.  I expect there'll be some tie-in to Ubuntu SSO and a
> sprinkling of OAuth along the way, as well as some sensible defaults
> to make things easier on the client side.
>
> Cheers,
>
> JT
> - --
> James Tait, BSc. | https://launchpad.net/~jamestait/
> Software Engineer, Canonical Online Services, Web and Ops Team
> Ubuntu - Linux for human beings | www.ubuntu.com
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.12 (GNU/Linux)
> Comment: Using GnuPG with undefined - http://www.enigmail.net/
>
> iEYEARECAAYFAlGohAUACgkQyDo4xMNTLibVAACg5WiergS0cL9tjRHkM1IrR6Bx
> puoAoJ3tYzfBAXe0SYX003fJG46H+OwJ
> =P0Yk
> -----END PGP SIGNATURE-----
>
> --
> Mailing list: https://launchpad.net/~ubuntu-appstore-developers
> Post to     : ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ubuntu-appstore-developers
> More help   : https://help.launchpad.net/ListHelp
>

Follow ups

Re: Server-side plan
From: James Tait, 2013-05-31

References

Server-side plan
From: Martin Albisetti, 2013-05-30
Re: Server-side plan
From: Michael Nelson, 2013-05-31
Re: Server-side plan
From: James Tait, 2013-05-31