Hi Mike,

On Wed, Mar 27, 2013 at 12:50 PM, Mike Müller <[email protected]> wrote:
> ...It shouldn't scare at all: With or without the use of sanitizeQuery, the
> resulting list of resources (or the resulting resource) is checked against
> security anyway...

ok, good then.

> ...The use case is very simple as shown above:
> If a query returns a lot of resources but the querying user does only have
> access to a few of these resources, sanitizeQuery could change the query in
> a way that only a few resources will be returned from the resource provider.
> Without sanitizeQuery it can take quite a long time to check each and every
> resource with getReadableResource() if the querying user has read access to
> the resource...

So it is optimizeQuery really ;-)

-Bertrand
