On Mon, 2004-01-19 at 11:37, Erik Hatcher wrote:
> On Jan 19, 2004, at 12:38 PM, Michael Oliver wrote:
> >> - Find only documents the user is allowed to read
> >
> > Security should filter/mask the results. The index should likely NOT be
> > doing this, the result set should pass through a filter.
>
> While these discussions are getting too "abstract" for me, on this
> particular point I don't necessarily agree. Lucene has a "Filter"
> concept that could be cached in session scope to allow a much more
> rapid search capability by only searching on documents that the user is
> allowed to see rather than doing some post-search filter on a
> potentially large result set.

Thanks Erik, you are correct, except that in some implementations the security is of higher priority than performance. If I take you off the ACL on a resource, because I own it and I don't want you to see it any more... that has to be immediate and positive. If you are doing multiple searches in your session, you may have the ACL for that resource in your cache and you would get a hit on a search. Granted you likely wouldn't be able to GET it, but the hit may be enough to compromise security. The example I use is, if I search the HR memos for "Fire Ollie | Terminate Ollie" etc. and get a link... that tells me something... I may not be able to see the memo, but that doesn't matter.

It certainly could be a tunable property such as "cache filters" or "security level A" or as you say a "zillion ways to implement".

> Of course, there are a zillion ways to implement the
> search/security/metadata thing and as I've said, Lucene is my hammer
> currently, but it is not the only or even the right solution
> necessarily.
>
> Erik
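
The trade-off discussed in this thread, as an added example that is not part of either message: a plain-Python model (not Lucene's API) of a session-cached pre-search filter, run once with no revalidation and once with an ACL-version check on every search. The class names, the `revalidate` flag and the sample memos are constructed for illustration.

```python
class AclStore:
    """Maps doc id -> users allowed to read it, plus a change counter."""
    def __init__(self, acl):
        self._acl = {doc: set(users) for doc, users in acl.items()}
        self.version = 0  # bumped on every ACL change

    def revoke(self, doc, user):
        self._acl[doc].discard(user)
        self.version += 1

    def readable_by(self, user):
        return frozenset(d for d, users in self._acl.items() if user in users)


class Session:
    """Per-user session caching the set of readable doc ids (the 'filter')."""
    def __init__(self, user, acls, revalidate):
        self.user, self.acls, self.revalidate = user, acls, revalidate
        self._filter = None
        self._filter_version = None

    def _allowed(self):
        stale = self._filter_version != self.acls.version
        # Rebuild on first use, or when the ACLs changed and we revalidate.
        if self._filter is None or (self.revalidate and stale):
            self._filter = self.acls.readable_by(self.user)
            self._filter_version = self.acls.version
        return self._filter

    def search(self, index, term):
        allowed = self._allowed()
        # Filter before matching: docs outside the filter never yield a hit.
        return sorted(d for d, text in index.items()
                      if d in allowed and term in text.lower())


# Constructed sample index.
INDEX = {"memo-1": "Terminate Ollie effective Friday",
         "memo-2": "Holiday schedule"}

def demo(revalidate):
    acls = AclStore({"memo-1": {"hr", "ollie"}, "memo-2": {"hr", "ollie"}})
    session = Session("ollie", acls, revalidate)
    before = session.search(INDEX, "ollie")
    acls.revoke("memo-1", "ollie")  # owner removes ollie from the ACL
    after = session.search(INDEX, "ollie")
    return before, after

if __name__ == "__main__":
    print("cached, never revalidated:", demo(False))
    print("cached, version-checked:  ", demo(True))
```

Comparing one integer per search keeps the cached filter on the fast path while making a revocation take effect on the very next query.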
