[development] Getting Around The Limitations of hook_db_rewrite_sql

Rob Thorne rob at torenware.com
Mon Apr 3 23:46:40 UTC 2006


Jonathan Chaffer wrote:
> I'm not sure what the best solution to your problem is, but I think I 
> can help you to understand the reasons behind this decision. Consider 
> a paged listing of nodes. If we are to display the first 10 nodes of 
> 1000 on a site, we call db_query_range() to fetch just those entries. 
> This is fast. Now suppose we use hook_access() to check for access to 
> each of those 10. What if none of those pass the access check? Then 
> you have a page with no nodes printed, even if the next 10 would have 
> passed the check!
>
JonBob --

I'm sympathetic with the problem, and I agree that calling hook_access 
on each of the nodes would create a noticeable slowdown.

But displaying content that is sensitive without checking access at all 
is a problem, and potentially, it is more serious than occasionally 
printing irregular numbers of records in a batch.  If the information is 
sufficiently sensitive, even the loss of performance might be a 
reasonable tradeoff.

I'm not suggesting that all applications should be saddled with the 
security requirements of some applications, but it should be possible to 
configure the system to behave in a more secure fashion without doing 
major engineering on the framework.

> So what are the possible solutions? One could fetch all of the results 
> rather than a range, and use PHP to iterate through the results and 
> call the function on each until 10 are found. I think that *now* we 
> are in insane territory. Other than that, the only option is to 
> perform the access check within the database call itself. This was the 
> decision that was made.
>
>
That I am considering such insanity should tell you how heavily I need 
to weigh security requirements on some applications :-(

It's important to remember that hook_db_rewrite_sql is a mechanism for 
munging queries.  A quick examination of contributions/modules will show 
that relatively few of us have made much use of it, at least successfully.  
That it has become a central piece of our security architecture should 
raise flags with at least a few of us.

A better question might be how we can make it easier to get hook_access 
to run efficiently.  Hook_access is, after all, designed for access 
control :-)

Thanks,
Rob
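
The three options weighed in this exchange (range query then per-node check, scanning until a page fills, and the access check inside the query), as an added example that is not part of either message or of Drupal's code. It uses Python with in-memory SQLite; the `node` and `grants` tables, the `may_view` stand-in for a per-node access hook, and all data are constructed for illustration.

```python
import sqlite3

PAGE_SIZE = 10
VIEWER = 7  # constructed user id

def build_db():
    # Constructed data: 1000 nodes; the viewer is granted every 25th one.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE node (nid INTEGER PRIMARY KEY, title TEXT)")
    db.execute("CREATE TABLE grants (nid INTEGER, uid INTEGER)")
    db.executemany("INSERT INTO node VALUES (?, ?)",
                   [(n, f"node {n}") for n in range(1, 1001)])
    db.executemany("INSERT INTO grants VALUES (?, ?)",
                   [(n, VIEWER) for n in range(25, 1001, 25)])
    return db

def may_view(db, nid, uid):
    # Hypothetical per-node access callback: one lookup per call.
    q = "SELECT 1 FROM grants WHERE nid = ? AND uid = ?"
    return db.execute(q, (nid, uid)).fetchone() is not None

def page_then_check(db, uid, page=0):
    # Range query first, access check afterwards: pages come back short.
    rows = db.execute("SELECT nid FROM node ORDER BY nid LIMIT ? OFFSET ?",
                      (PAGE_SIZE, page * PAGE_SIZE)).fetchall()
    return [nid for (nid,) in rows if may_view(db, nid, uid)]

def scan_until_full(db, uid):
    # Fetch everything, then check row by row until one page is filled.
    found, checks = [], 0
    for (nid,) in db.execute("SELECT nid FROM node ORDER BY nid").fetchall():
        checks += 1
        if may_view(db, nid, uid):
            found.append(nid)
            if len(found) == PAGE_SIZE:
                break
    return found, checks

def check_in_query(db, uid, page=0):
    # Access condition inside the SQL, so LIMIT counts only visible rows.
    rows = db.execute(
        "SELECT n.nid FROM node n JOIN grants g ON g.nid = n.nid "
        "WHERE g.uid = ? ORDER BY n.nid LIMIT ? OFFSET ?",
        (uid, PAGE_SIZE, page * PAGE_SIZE)).fetchall()
    return [nid for (nid,) in rows]

if __name__ == "__main__":
    db = build_db()
    print(page_then_check(db, VIEWER), scan_until_full(db, VIEWER)[1])
```

On this data the first approach returns an empty first page, the scan needs 250 per-node checks to fill one page, and the in-query check returns the same ten nodes with a single statement.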



