lucene-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe <fischauto...@yahoo.de>
Subject Lucene code injection?
Date Thu, 24 May 2007 12:34:57 GMT
Hi,

I indexed emails. And now i want to restrict the search functionality for
users so they only can search for emails to/from him.

i know the email address of the user so my plan is to do it in the following
way:
The user enters some search parameters, they are combined in a query.
This is a mix of TermQueries and WildcardQueries combined with 
BooleanQueries.

This query i will combine with a TermQuery which include only hits with 
the email
address of the user. (parameter-query) AND (emailaddress-query)

Is this good practice?
And is this save?
Or can a user do some kind of code injection to get other emails?

---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@lucene.apache.org
For additional commands, e-mail: java-user-help@lucene.apache.org


Mime
View raw message