jackrabbit-dev mailing list archives

From "Jukka Zitting" <jukka.zitt...@gmail.com>
Subject Re: spellchecker
Date Tue, 02 Oct 2007 08:04:24 GMT

On 10/1/07, Marcel Reutegger <marcel.reutegger@gmx.net> wrote:
> I'm about to write a spellchecker extension for the lucene query handler in
> jackrabbit.


Some concerns though, as I figure the spell checker would use the
search index as a dictionary. Can there be a case where this feature
could be used to circumvent access controls to retrieve isolated
pieces of content from read-protected documents? I guess the threat is
a bit theoretical, but how about a case where an attacker just wants
to know if a repository contains some specific material (a list of
specific names, etc.). The attacker could use the spellchecker as a
mechanism to find out if a workspace contains a document with a
specific name or keyword.

> I planned to use the lucene-spellchecker contrib, however I don't
> want to introduce another dependency in the jackrabbit-core. Because the
> spellchecker contrib in lucene only includes a handful of classes I would prefer
> to copy the classes and refactor them into the jackrabbit package space.
> Does anyone have a better idea how to handle this?

Would there be interest within the Lucene team to include the feature
in a future release of lucene-core?

I see where Felix is going with extra modules, but there's always a
cost in complexity with such modularity and I'm not sure if this
feature is worth that overhead.


Jukka Zitting
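
A minimal model of the concern raised in the message above, added here as an illustration and not code from Jackrabbit, Lucene or the message's author: a spellchecker whose dictionary is the whole search index confirms terms from documents the caller cannot read, while one restricted to terms from readable documents does not. The document paths, user names and the `difflib`-based matching are assumptions standing in for the real index and spellchecker.

```python
import difflib

# Constructed sample workspace: (path, users allowed to read, text). Not real data.
DOCS = [
    ("/public/welcome", {"alice", "mallory"}, "welcome to the project repository"),
    ("/public/howto", {"alice", "mallory"}, "searching the repository index"),
    ("/hr/plan", {"alice"}, "confidential restructuring plan codename bluebird"),
]


def build_postings(docs):
    """Map each indexed term to the set of document paths that contain it."""
    postings = {}
    for path, _readers, text in docs:
        for term in text.split():
            postings.setdefault(term, set()).add(path)
    return postings


def suggest_global(word, postings):
    """Suggest from every indexed term, ignoring who is asking (the leaky design)."""
    return difflib.get_close_matches(word, sorted(postings), n=1, cutoff=0.8)


def suggest_for_user(word, postings, docs, user):
    """Suggest only from terms that occur in at least one document the user may read."""
    readable = {path for path, readers, _text in docs if user in readers}
    visible = sorted(t for t, paths in postings.items() if paths & readable)
    return difflib.get_close_matches(word, visible, n=1, cutoff=0.8)


if __name__ == "__main__":
    postings = build_postings(DOCS)
    # "bluebirt" is a near-miss of a term that exists only in a protected document;
    # "repositry" is a near-miss of a term that mallory can legitimately read.
    for probe in ("bluebirt", "repositry"):
        print(probe,
              "global:", suggest_global(probe, postings),
              "mallory:", suggest_for_user(probe, postings, DOCS, "mallory"))
```

Filtering per caller means the dictionary can no longer be a single structure shared by all sessions, which is the cost of closing the oracle.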
