Protect access to the full-text search service by securing
the Solr administrative console.
About this task
The Solr administrative console, which is hosted by the IBM
WebSphere Application Server administrative console, is not protected
by default. If you deploy the Solr server outside your firewall and
you do not secure access to the console before you begin indexing
the IBM Rational ClearQuest database, then anyone who knows the console
URL can search the full-text search index without authenticating.
For example, in this scenario, a user who knows the Solr console URL
might search the index for a social security number, and the search
results might return a list of ClearQuest record DBIDs that contain
the social security number. While the user cannot access the ClearQuest
database by using the DBIDs returned in the search results, the user
now knows that the social security number exists in the database.
If you have deployed the Solr server outside your firewall, follow the
steps outlined in this topic to secure the WebSphere Application Server
profile for ClearQuest full-text search and prevent unauthorized access
to the search index.