Earl Miles wrote:
Rob Thorne wrote:
But displaying content that is sensitive without checking access at all is a problem, and potentially, it is more serious than occasionally printing irregular numbers of records in a batch. If the information is sufficiently sensitive, even the loss of performance might be a reasonable tradeoff.
That's why node acts on db_rewrite_sql. Security *is* checked.
Strictly speaking, that's only true if there's a reasonable way to put the needed records into node_access. Otherwise, db_rewrite_sql doesn't really have anything to work on. And if there isn't: there's no security for that application either :-(
na_arbitrator does have some promise for what I'm doing; it's probably possible to use your ACL calls to let your system munge node_access for me when the user logs in. And I think that your API is reasonable for that. But let me say it again: friends should not let friends munge node_access, except via na_arbitrator :-)
R