You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@tinkerpop.apache.org by sp...@apache.org on 2023/01/05 19:49:43 UTC

[tinkerpop] 01/03: Added note about changes in parameterization recommendations CTR

This is an automated email from the ASF dual-hosted git repository.

spmallette pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tinkerpop.git

commit f947ac6ab0959eaad9498ad77b8bec1806695c23
Author: Stephen Mallette <st...@amazon.com>
AuthorDate: Thu Jan 5 14:48:46 2023 -0500

    Added note about changes in parameterization recommendations CTR
---
 docs/src/reference/gremlin-applications.asciidoc | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/docs/src/reference/gremlin-applications.asciidoc b/docs/src/reference/gremlin-applications.asciidoc
index 0f8a6aa846..a3dabeac0c 100644
--- a/docs/src/reference/gremlin-applications.asciidoc
+++ b/docs/src/reference/gremlin-applications.asciidoc
@@ -2147,10 +2147,17 @@ without all the associated structure which can slow the response.
 [[parameterized-scripts]]
 ==== Parameterized Scripts
 
-image:gremlin-parameterized.png[width=150,float=left] Use script parameterization. Period. There are at least two good
+image:gremlin-parameterized.png[width=150,float=left] If using the standard `GremlinGroovyScriptEngine` in Gremlin
+Server, it is imperative to use script parameterization. Period. There are at least two good
 reasons for doing so: script caching and protection from "Gremlin injection" (conceptually the same as the notion of
 SQL injection).
 
+IMPORTANT: It is possible to use the `GremlinLangScriptEngine` in Gremlin Server as opposed to the
+`GremlinGroovyScriptEngine`. The former makes use of `gremlin-language` and its ANTLR grammar for parsing Gremlin
+scripts. This processing is different from the processing performed by Groovy and therefore spares users from the
+concerns of this section. When considering parameterization, users should also consider the graph database they are
+using to determine if it has native mechanisms that preclude the need for parameterization.
+
 With respect to caching, Gremlin Server caches all scripts that are passed to it.  The cache is keyed based on the a
 hash of the script.  Therefore `g.V(1)` and `g.V(2)` will be recognized as two separate scripts in the cache.  If that
 script is parameterized to `g.V(x)` where `x` is passed as a parameter from the client, there will be no additional