Hi, James! Thanks for your suggestion about avoiding URL hacking. All in all, I'm not too worried about it - this is mostly going to be used by academics who aren't terribly computer-savvy, and even if someone does hack a URL and see "private" records, all they're going to see are some unfinished records, which isn't really a big deal. Still, I'll try to do what you suggested.
Thanks!
Morgan.

On Nov 10, 8:01 pm, James Healy <[email protected]> wrote:
> In addition to Pat's email:
>
> Morgan Kay wrote:
> > 1) I have a field that determines whether a record is viewable by
> > users who aren't logged in. This is a boolean. So if a user is not
> > logged in, I plan to put a hidden_field_tag in my form that will add
> > "public=true" to the parameters.
>
> I'd recommend against this. Set the public=true filter in the action
> that returns the search results. Otherwise you're open to being URL
> hacked by tricky users.
>
> > 2) I have date fields that are integers. The form will have "begin
> > year" and "end year" fields so that users can search for records
> > between certain years.
> > 3) I have boolean fields that tell whether a record has been
> > translated into English or not. Users will be able to limit their
> > search to records that have been translated.
>
> > In cases like these, is it best to index these fields as fields or
> > attributes?
>
> As Pat suggested, all three sound like attributes are the best fit.
>
> --
> James Healy <[email protected]> Thu, 11 Nov 2010 15:01:04 +1100
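James's recommendation, sketched as an added example that is not code from the thread: the visibility filter is derived from the login state inside the action, so a `public` value sent by the client is never read. The helper name `build_search_filters`, the parameter names `begin_year`, `end_year` and `translated`, the attribute names and the `Record` model are assumptions for illustration.

```ruby
# Added example: build the Sphinx attribute filters on the server side.
# All names here are assumptions, not taken from the poster's application.

YEAR_RANGE = (0..9999) # constructed sanity bounds for the integer year attribute

# Returns an Integer year, or nil for blank, non-numeric or out-of-range input.
def parse_year(value)
  return nil if value.nil? || value.to_s.strip.empty?
  year = Integer(value.to_s.strip, 10)
  YEAR_RANGE.cover?(year) ? year : nil
rescue ArgumentError
  nil
end

def build_search_filters(params, logged_in)
  filters = {}
  # Visibility comes from the session, never from the request. Any
  # "public" parameter the client sends is deliberately not read.
  filters[:public] = true unless logged_in

  first = parse_year(params["begin_year"])
  last  = parse_year(params["end_year"])
  if first || last
    first ||= YEAR_RANGE.first
    last  ||= YEAR_RANGE.last
    first, last = last, first if first > last # tolerate swapped bounds
    filters[:year] = first..last
  end

  # Only an explicit "1" turns the translated filter on.
  filters[:translated] = true if params["translated"].to_s == "1"
  filters
end

# Constructed request parameters: the URL was edited to send public=false.
tampered  = { "public" => "false", "begin_year" => "1900",
              "end_year" => "1950", "translated" => "1" }
anonymous = build_search_filters(tampered, false)
member    = build_search_filters(tampered, true)
puts anonymous.inspect
puts member.inspect

# In the controller action the hash would be handed to Thinking Sphinx as
# the :with option, for example:
#   Record.search(params[:q], :with => anonymous)
```
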
