lucene-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Hatcher <e...@ehatchersolutions.com>
Subject Re: lucene injection
Date Thu, 21 Dec 2006 10:04:52 GMT

On Dec 21, 2006, at 4:56 AM, Deepan wrote:
> I am bothered about security problems with lucene. Is it vulnerable to
> any kind of injection like mysql injection? many times the query from
> user is passed to lucene for search without validating.

Rest easy.  There are no known security issues with Lucene, and it  
has even undergone a recent static code analysis by Fortify (see the  
lucene-dev e-mail list archives).  Unlike SQL, there is no  
destructive behavior available through the QueryParser.

	Erik


---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@lucene.apache.org
For additional commands, e-mail: java-user-help@lucene.apache.org


Mime
View raw message