I have an application that uses AngularJS and has Elasticsearch as its database. The Elasticsearch version is 1.3.1, so dynamic scripting is enabled by default. Users can add data to Elasticsearch from the application. So while searching, how do I avoid injection, that is, script injection in the Elasticsearch query?
It depends on how the JSON is built. If it's something like "{query: {match:"%s"}}", then it's possible to pass a string to add more text to the script.
Check whether Elasticsearch post is open to everybody; if it is, you should close it.
You should use Groovy sandboxed scripting and limit the libraries that can be used.
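The string-formatting risk described in the answers above, shown beside a structured build and a server-side key allowlist. This is an added example, not code from the original posts; the field name "title", the key "injected_key" and the allowlist contents are constructed for illustration.

```javascript
// Added example. Field name "title" and key "injected_key" are constructed.

// Pattern described in the answer: user text is spliced into JSON text.
function buildByFormatting(userText) {
  return '{"query": {"match": {"title": "%s"}}}'.replace('%s', () => userText);
}

// Hardened: build an object and serialize it. JSON.stringify escapes quotes
// and backslashes, so the value can never close its own string.
function buildByStructure(userText) {
  if (typeof userText !== 'string' || userText.length > 256) {
    throw new TypeError('search text must be a string of at most 256 chars');
  }
  return JSON.stringify({ query: { match: { title: userText } } });
}

// Server-side check before a body is forwarded to Elasticsearch: report any
// top-level key outside the allowlist (hypothetical policy for this app).
const ALLOWED_TOP_LEVEL = new Set(['query', 'from', 'size']);
function unexpectedKeys(bodyText) {
  return Object.keys(JSON.parse(bodyText)).filter((k) => !ALLOWED_TOP_LEVEL.has(k));
}

// Constructed input that closes the string and appends a sibling key.
const CRAFTED = 'x"}}, "injected_key": {"a": {"b": "y';

function demo() {
  return {
    // The formatted body parses as valid JSON with an extra top-level key.
    formatted: unexpectedKeys(buildByFormatting(CRAFTED)),
    // The structured body has only "query"; the input stays inside the value.
    structured: unexpectedKeys(buildByStructure(CRAFTED)),
    roundTrip: JSON.parse(buildByStructure(CRAFTED)).query.match.title === CRAFTED,
  };
}

console.log(demo());
```

The allowlist check belongs on the server side, since anything built in the AngularJS client can be bypassed by talking to the backend directly.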
I developed a custom skillset that is called by an indexer within an Azure Cognitive Search Resource. It is possible to reuse this custom skillset with multiple indexers that are defined in a single Azure Cognitive Search Resource.
Is it possible to call that same skillset from an indexer that is in a different Azure Search Service Resource?
The MSFT Docs say that 'As a high-level resource, you can design a skillset once, and then reference it in multiple indexers.' - but it is unclear to me if or how you would reuse the skillset with an indexer that is in a different Azure Search Service Resource.
You can re-use the same skillset definition, but you'll need to create a new skillset instance for the other search service.
Yes, you can take the json definition of your skillset, and reuse it with multiple indexers in the same service, or in an indexer in a different service.
Here's an example of how I've done this at https://github.com/liamca/covid19search/tree/master/AzureCognitiveSearchService. This folder contains a Jupyter notebook to set up a Cognitive Search service, and the various pieces (skillset, indexer, index, etc.) are stored as .json and reused each time that you create a service.
If you typically use the Azure portal "Import data" experience, there isn't an easy way to use your skillset json during that workflow. So you could just select a single skill during "Import data", and after the "Import data" wizard is completed, then click on the skillset that was created with a single skill, and paste your custom skillset into that Skillset Definition (JSON) and click "Save".
I am learning how to develop a search application using Solr. I have a website created using HTML that has a search bar.
When the user enters keywords to be searched, it has to retrieve the matched records from the data indexed into Solr. My question is how to connect the frontend website with Solr.
Please give me clear steps to implement the same.
There are different libraries for communicating with Solr; which one you can use depends on your technologies. Some are:
Solarium [PHP] :
Solarium is a PHP Solr client library that accurately models Solr concepts. Where many other Solr libraries only handle the communication with Solr, Solarium also relieves you of handling all the complex Solr query parameters using a well-documented API.
https://github.com/solariumphp/solarium
Haystack [Django] :
Haystack provides modular search for Django. It features a unified, familiar API that allows you to plug in different search backends (such as Solr, Elasticsearch, Whoosh, Xapian, etc.) without having to modify your code.
https://django-haystack.readthedocs.io/en/master/
If you are using JavaScript you could use the Solr REST API directly from the client.
There are various client APIs:
https://lucene.apache.org/solr/guide/6_6/client-apis.html
I'm building a simple Angular application and there is a small administrator panel for updating the content (a .json document). I'm looking for a way to edit the JSON document from the administrator panel.
I can manipulate the memory-loaded json but I can't save it. Is there a way to put the json file in some kind of cloud database and connect to it without setting up a server or backend for my application?
I want my application to be easily deployable on any FTP so I can't set up a Node server or install something like CouchDB.
Any ideas are appreciated.
You could use a provider like Parse. It's free (up to a limit of requests/month), has a nice JavaScript SDK that would get you up and running quickly. https://parse.com/
Also, check out this query builder to aid in retrieving your data from Parse. It's built as an Angular service for easy integration. https://github.com/dpollot/parse-query
EDIT
Parse also offers hosting, for free.
I am wondering if I can use the "analysis" feature of the Solr web admin (4.1) in my script, that is, to get the analyzed result for a given string. I am guessing there should be some API that is utilized by the Solr web admin.
Or I would like to find a way to run an analyzer on some strings.
The analysis Admin page is just leveraging the AnalysisRequestHandler behind the scenes to display the results. Please see the link for more details and an example.
I am going to build a website and I am planning to use Solr for search integration. It is an e-commerce website. I wanted to know if there is any problem in exposing the Solr query format to the users of this website?
You want to have your search app query Solr, or use a proxy, so the URL is not exposed to the web user. I'm not so concerned about query syntax and parameters being visible, as long as the web user can't send them via query. You for certain want to make sure only the web app can reach the Solr server, however.
Even if you lock down the RequestHandlers so that only searches are available through the web, there still may be things in your index that you don't want to expose to customers.
For example, if two items score the same in a search, you'd like to boost the one with the higher margin. In order to do that you need to have the margin in your index, and that means it's available for all of your customers and competitors to see.
The JSON response writer is very handy for writing lightweight search apps. At the very least you'll want to implement a filtering proxy between the browser and Solr.
You absolutely do not want to expose Solr directly to users. Nor do you want to pass the format through without evaluation.
One of the things that Solr supports is delete by query. There are other possibilities as well. You have to sanitize the content of queries.
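One way to implement the filtering proxy the answers above recommend, as an added example that is not part of the original posts. The Solr host, core name, field names (including "margin" from the answer's scenario) and sort keys are assumptions.

```javascript
// Added example: allowlisting proxy logic. Host, core and field names are assumed.
const SOLR_SELECT = 'http://solr.internal.example:8983/solr/products/select';
const PUBLIC_FIELDS = ['id', 'name', 'price']; // "margin" stays server-side
const SORTS = new Map([
  ['relevance', 'score desc'],
  ['price_asc', 'price asc'],
  ['price_desc', 'price desc'],
]);

// Backslash-escape Lucene query syntax so user text is matched as plain terms.
function escapeLucene(text) {
  return text.replace(/[+\-&|!(){}\[\]^"~*?:\\\/]/g, '\\$&');
}

// Build the upstream URL from scratch. Only q, sort and page are read from
// the browser request; every other parameter (fl, qt, ...) is ignored, and
// the request handler path is fixed to /select.
function buildSolrUrl(userParams) {
  const q = String(userParams.q ?? '').trim().slice(0, 200);
  if (q === '') throw new Error('empty query');
  const page = Math.min(Math.max(parseInt(userParams.page, 10) || 0, 0), 50);
  const params = new URLSearchParams({
    q: escapeLucene(q),
    defType: 'edismax',
    qf: 'name description',
    fl: PUBLIC_FIELDS.join(','),
    // Map lookup, so keys such as "constructor" fall back to the default.
    sort: SORTS.get(userParams.sort) ?? SORTS.get('relevance'),
    rows: '20',
    start: String(page * 20),
    wt: 'json',
  });
  return `${SOLR_SELECT}?${params}`;
}

// Second line of defence: copy only public fields out of each Solr document.
function toPublicDoc(doc) {
  return Object.fromEntries(PUBLIC_FIELDS.filter((f) => f in doc).map((f) => [f, doc[f]]));
}

// Constructed request that tries to override fl, qt and sort.
const SAMPLE = { q: 'margin:[50 TO *]', fl: '*', qt: '/update', sort: 'constructor' };
console.log(buildSolrUrl(SAMPLE));
console.log(toPublicDoc({ id: '1', name: 'shoe', price: 40, margin: 0.6 }));
```

The proxy only helps if the Solr port itself is reachable from the web application alone, as the first answer says.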