On Dec 21, 2006, at 4:56 AM, Deepan wrote:
I am bothered about security problems with lucene. Is it vulnerable to
any kind of injection like mysql injection? many times the query from
user is passed to lucene for search without validating.
Rest easy. There are no known security issues with Lucene, and it
has even undergone a recent static code analysis by Fortify (see the
lucene-dev e-mail list archives). Unlike SQL, there is no
destructive behavior available through the QueryParser.
Erik
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
