You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@lucene.apache.org by Bryan Doherty <br...@gmail.com> on 2009/07/01 13:55:29 UTC
Quesion about the index directory security
Currently I am using Sybase with Hibernate for my database needs. I've been
implementing Hibernate Search (HS) and it works very well. I use Sybase
because of the Row Level Security package. But that is suddenly not valid
when using HS because it blindly indexes the data. Is there a way to
simulate Row Level Access on that indexed data? Meaning when whatever class
talks to that directory, it would know about the current user and search the
indexed data. If a piece of data matches, the class would check the
permissions(just extra fields), and if the user does NOT have permissions to
view that piece of data, it wouldn't even leave the index directory.
I could implement something in Java land that would filter the data when it
is returned to whoever calls it but that goes against the security
requirements I am working with.
Thanks
Bryan
Re: Quesion about the index directory security
Posted by Emmanuel Bernard <em...@hibernate.org>.
Have you looked at the Hibernate Search declarative filter feature which
is some bells and whistles on top of the Lucene filter feature.
Typically you would keep the credential levels in the document and
filter by the user's credential.
On Wed, 2009-07-01 at 07:55 -0400, Bryan Doherty wrote:
> Currently I am using Sybase with Hibernate for my database needs. I've been
> implementing Hibernate Search (HS) and it works very well. I use Sybase
> because of the Row Level Security package. But that is suddenly not valid
> when using HS because it blindly indexes the data. Is there a way to
> simulate Row Level Access on that indexed data? Meaning when whatever class
> talks to that directory, it would know about the current user and search the
> indexed data. If a piece of data matches, the class would check the
> permissions(just extra fields), and if the user does NOT have permissions to
> view that piece of data, it wouldn't even leave the index directory.
>
> I could implement something in Java land that would filter the data when it
> is returned to whoever calls it but that goes against the security
> requirements I am working with.
>
> Thanks
> Bryan
---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@lucene.apache.org
For additional commands, e-mail: java-user-help@lucene.apache.org