lucene-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Erik Hatcher <>
Subject Re: lucene injection
Date Thu, 21 Dec 2006 10:04:52 GMT

On Dec 21, 2006, at 4:56 AM, Deepan wrote:
> I am bothered about security problems with lucene. Is it vulnerable to
> any kind of injection like mysql injection? many times the query from
> user is passed to lucene for search without validating.

Rest easy.  There are no known security issues with Lucene, and it  
has even undergone a recent static code analysis by Fortify (see the  
lucene-dev e-mail list archives).  Unlike SQL, there is no  
destructive behavior available through the QueryParser.


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message