lucene-java-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe <>
Subject Re: Lucene code injection?
Date Thu, 24 May 2007 13:14:09 GMT
> This sounds good. As for the code injection it is up to you to sanitize
> the request before it goes to lucene, probably by filling the email
> field yourself and not rely on the user input for the email address

I hoped i havent to sanitize the user input cause the email address 
query is ANDed by the
application, after the user finished his input.

(user_query) AND (email_query)

So is it possible to produce a user_query which will ignore the ANDed 

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message