[development] Getting Around The Limitations
rob at torenware.com
Mon Apr 3 23:46:40 UTC 2006
Jonathan Chaffer wrote:
> I'm not sure what the best solution to your problem is, but I think I
> can help you to understand the reasons behind this decision. Consider
> a paged listing of nodes. If we are to display the first 10 nodes of
> 1000 on a site, we call db_query_range() to fetch just those entries.
> This is fast. Now suppose we use hook_access() to check for access to
> each of those 10. What if none of those pass the access check? Then
> you have a page with no nodes printed, even if the next 10 would have
> passed the check!
I'm sympathetic with the problem, and I agree that calling hook_access
on each of the nodes would create a noticeable slow down.
But displaying content that is sensitive without checking access at all
is a problem, and potentially, it is more serious than occasionally
printing irregular numbers of records in a batch. If the information is
sufficiently sensitive, even the loss of performance might be a
I'm not suggesting that all applications should be saddled with the
security requirements of some applications, but it should be possible to
configure the system to behave in a more secure fashion without doing
major engineering on the framework.
> So what are the possible solutions? One could fetch all of the results
> rather than a range, and use PHP to iterate through the results and
> call the function on each until 10 are found. I think that *now* we
> are in insane territory. Other than that, the only option is to
> perform the access check within the database call itself. This was the
> decision that was made.
That I am considering such insanity should tell you how heavily I need
to weigh security requirements on some applications :-(
It's important to remember that hook_db_rewrite_sql is a mechanism for
munging queries. A quick examination of contributions/modules will show
that relatively few us has made much use of it, at least successfully.
That it has become a central piece of our security architecture should
raise flags with at least a few of us.
A better question might be how we can make it easier to get hook_access
to run efficiently. Hook_access is, afterall, designed for access
More information about the development