On Jun 11, 2010, at 9:53 AM, Caleb James DeLisle wrote:

> Is it secure?

I don't feel that's a good enough reason not to use it since it would mean that 
we would never use any new API. If we want to use it, we can review it from a 
security POV.

That said, it looks secure, see
http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki-query/manager/src/main/java/org/xwiki/query/internal/SecureQueryExecutorManager.java

> The searchDocuments function has the benefit of having had a lot of security 
> review.

Well the Query Manager has had the benefit of being written after 
searchDocument, thus inheriting from best practices.

Thanks
-Vincent

> Vincent Massol wrote:
>> Hi devs,
>> 
>> I'm wondering why we haven't moved to using XQL instead of HQL.
>> 
>> Any reason?
>> 
>> If not, I'd like to suggest we start using it everywhere we currently use 
>> HQL since XWQL is much nicer. Also, since we don't use it, our users 
>> don't use it.
>> 
>> Additionally I'd like to propose that we move to a ScriptService to access 
>> the query manager.
>> 
>> From Velocity you'd write the following to get a Query:
>> $services.query.xwql("....")
>> 
>> Note that the ScriptService implementation would replace the 
>> SecureQueryManager implementation.
>> 
>> We would also deprecate XWiki.getQueryManager.
>> 
>> WDYT?
>> 
>> Thanks
>> -Vincent