The Solr administrative console, which is hosted by the IBM WebSphere Application Server administrative console, is not protected by default. If you deploy the Solr server outside your firewall and you do not secure access to the console before you begin indexing the IBM Rational ClearQuest database, then anyone who knows the console URL can search the full-text search index without authenticating. For example, in this scenario, a user who knows the Solr console URL might search the index for a social security number, and the search results might return a list of ClearQuest record DBIDs that contain the social security number. While the user cannot access the ClearQuest database by using the DBIDs returned in the search results, the user now knows that the social security number exists in the database.
If you have deployed the Solr server outside your firewall, follow the steps outlined in this topic to secure the WebSphere Application Server profile for ClearQuest full-text search and prevent unauthorized access to the search index.
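One way to confirm that the search index no longer answers unauthenticated requests after you secure the profile is the check below. It is an added example, not part of the IBM documentation. The URL, the `/solr/select` path, and the login-form heuristic are assumptions to adapt to your own deployment.

```python
"""Check whether a Solr search URL answers without credentials (run against your own server)."""
import re
import sys
import urllib.error
import urllib.request


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses instead of following them."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def classify(status, body):
    """Return 'protected', 'exposed', 'redirect' or 'unknown' for an unauthenticated reply."""
    if status in (401, 403):
        return "protected"          # server demanded or refused credentials
    if status in (301, 302, 303, 307, 308):
        return "redirect"           # re-run against the Location target to decide
    if status == 200:
        if "responseHeader" in body:
            return "exposed"        # Solr answered the query with no login
        if re.search(r"type=[\"']?password", body, re.I):
            return "protected"      # assumption: a login form was served instead
    return "unknown"


def probe(url, timeout=10):
    """Send one request with no credentials or cookies and classify the reply."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return classify(resp.status, body)
    except urllib.error.HTTPError as err:
        return classify(err.code, "")


if __name__ == "__main__":
    # Placeholder URL and path (assumptions): use the search URL of your own deployment.
    url = sys.argv[1] if len(sys.argv) > 1 else "https://solr.example.invalid/solr/select?q=*:*"
    result = probe(url)
    print(f"{url}: {result}")
    sys.exit(0 if result == "protected" else 1)
```

Run it from a host outside the firewall; any result other than `protected` means the console still needs attention before you index the database.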