Yes, there are a lot of issues: cross-site scripting, session hijacking, proper authentication, etc. The Open Web App Security Project is useful:
www.owasp.org

Also, before you start with NLP and full-on parsers, think about whether you can apply a text indexer, stemming and stopping both your users' queries and the database content. Much easier conceptually, easier on the db server too. And there are lots of good Python packages/Python bindings:

http://www.xapian.org/
http://www.pypackage.org/packages/python-pyndex
http://www.divmod.org/Home/Projects/Lupy/