Jonathan Chaffer wrote:
> I'm not sure what the best solution to your problem is, but I think I can help you to understand the reasons behind this decision. Consider a paged listing of nodes. If we are to display the first 10 nodes of 1000 on a site, we call db_query_range() to fetch just those entries. This is fast. Now suppose we use hook_access() to check for access to each of those 10. What if none of those pass the access check? Then you have a page with no nodes printed, even if the next 10 would have passed the check!

JonBob -- I'm sympathetic with the problem, and I agree that calling hook_access on each of the nodes would create a noticeable slowdown. But displaying content that is sensitive without checking access at all is a problem, and potentially it is more serious than occasionally printing irregular numbers of records in a batch. If the information is sufficiently sensitive, even the loss of performance might be a reasonable tradeoff. I'm not suggesting that all applications should be saddled with the security requirements of some applications, but it should be possible to configure the system to behave in a more secure fashion without doing major engineering on the framework.

> So what are the possible solutions? One could fetch all of the results rather than a range, and use PHP to iterate through the results and call the function on each until 10 are found. I think that *now* we are in insane territory. Other than that, the only option is to perform the access check within the database call itself. This was the decision that was made.
That I am considering such insanity should tell you how heavily I need to weigh security requirements on some applications :-( It's important to remember that hook_db_rewrite_sql is a mechanism for munging queries. A quick examination of contributions/modules will show that relatively few of us have made much use of it, at least successfully. That it has become a central piece of our security architecture should raise flags with at least a few of us. A better question might be how we can make it easier to get hook_access to run efficiently. Hook_access is, after all, designed for access control :-)

Thanks,
Rob
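To make the tradeoff argued in this thread concrete, here is an added example (not Drupal code, and not written by anyone in the thread) that models the three strategies against a constructed SQLite table of 20 nodes: paging first and checking access afterwards (the short-page problem), fetching everything and walking rows until a page is filled (the "insane" option), and folding the access rule into the query itself (what hook_db_rewrite_sql does). The `node_access()` function is a hypothetical stand-in for hook_access(), and the fixed WHERE clause stands in for whatever a rewrite hook would inject. Each strategy reports both the nids it would render and how many per-row access checks it cost.

```python
import sqlite3


def build_db():
    """Constructed sample data: nids 1-10 are 'private', 11-20 are 'public'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE node (nid INTEGER PRIMARY KEY, type TEXT, title TEXT)")
    rows = [(i, "private" if i <= 10 else "public", f"node {i}") for i in range(1, 21)]
    conn.executemany("INSERT INTO node VALUES (?, ?, ?)", rows)
    return conn


def node_access(row, user):
    """Hypothetical stand-in for hook_access(): non-admins may see only public nodes."""
    return user == "admin" or row[1] == "public"


def page_then_filter(conn, user, start, count):
    """db_query_range()-style: LIMIT/OFFSET first, access check afterwards.
    Cheap, but the page can come back short or empty even though later rows
    would have passed the check."""
    rows = conn.execute(
        "SELECT nid, type, title FROM node ORDER BY nid LIMIT ? OFFSET ?",
        (count, start),
    ).fetchall()
    visible = [r[0] for r in rows if node_access(r, user)]
    return {"nids": visible, "access_checks": len(rows)}


def fetch_all_then_filter(conn, user, start, count):
    """The option the thread calls insane: pull every row and call the access
    hook on each until enough visible rows have been seen to fill the page."""
    rows = conn.execute("SELECT nid, type, title FROM node ORDER BY nid").fetchall()
    visible, checks = [], 0
    for r in rows:
        checks += 1
        if node_access(r, user):
            visible.append(r[0])
        if len(visible) == start + count:
            break
    return {"nids": visible[start:start + count], "access_checks": checks}


def rewrite_then_page(conn, user, start, count):
    """hook_db_rewrite_sql()-style: the access rule becomes a WHERE clause, so
    LIMIT/OFFSET operate only over rows the user may see. The clause is a fixed
    string chosen in code; user-influenced values stay bound parameters."""
    if user == "admin":
        sql = "SELECT nid FROM node ORDER BY nid LIMIT ? OFFSET ?"
        params = (count, start)
    else:
        sql = "SELECT nid FROM node WHERE type = ? ORDER BY nid LIMIT ? OFFSET ?"
        params = ("public", count, start)
    rows = conn.execute(sql, params).fetchall()
    # No per-row hook calls: the database did the filtering.
    return {"nids": [r[0] for r in rows], "access_checks": 0}


if __name__ == "__main__":
    db = build_db()
    for name, fn in [("page_then_filter", page_then_filter),
                     ("fetch_all_then_filter", fetch_all_then_filter),
                     ("rewrite_then_page", rewrite_then_page)]:
        print(name, fn(db, "alice", 0, 10))
```

Run against the constructed data, the first strategy renders an empty first page for a non-admin user (all ten fetched rows are private), the second renders the correct page but only after checking all 20 rows, and the third renders the correct page with no application-side checks at all. The example also shows why the query-rewriting approach carries its own burden: any node type or rule that the WHERE clause fails to cover is silently visible, which is the concern about relying on a query-munging hook as the central access-control mechanism.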