lucene-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Deepan <codesheph...@gmail.com>
Subject Re: lucene injection
Date Thu, 21 Dec 2006 10:07:07 GMT
On Thu, 2006-12-21 at 05:04 -0500, Erik Hatcher wrote:
> On Dec 21, 2006, at 4:56 AM, Deepan wrote:
> > I am bothered about security problems with lucene. Is it vulnerable to
> > any kind of injection like mysql injection? many times the query from
> > user is passed to lucene for search without validating.
> 
> Rest easy.  There are no known security issues with Lucene, and it  
> has even undergone a recent static code analysis by Fortify (see the  
> lucene-dev e-mail list archives).  Unlike SQL, there is no  
> destructive behavior available through the QueryParser.
thanks Erik,  

> 
> 	Erik
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: java-user-unsubscribe@lucene.apache.org
> For additional commands, e-mail: java-user-help@lucene.apache.org
> 
-- 


---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@lucene.apache.org
For additional commands, e-mail: java-user-help@lucene.apache.org


Mime
View raw message