Hi,
I indexed emails. And now i want to restrict the search functionality for
users so they only can search for emails to/from him.
i know the email address of the user so my plan is to do it in the following
way:
The user enters some search parameters, they are combined in a query.
This is a mix of TermQueries and WildcardQueries combined with
BooleanQueries.
This query i will combine with a TermQuery which include only hits with
the email
address of the user. (parameter-query) AND (emailaddress-query)
Is this good practice?
And is this save?
Or can a user do some kind of code injection to get other emails?
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
