[development] Getting Around
The Limitations of hook_db_rewrite_sql
Rob Thorne
rob at torenware.com
Tue Apr 4 00:49:19 UTC 2006
Earl Miles wrote:
> Rob Thorne wrote:
>> But displaying content that is sensitive without checking access at
>> all is a problem, and potentially, it is more serious than
>> occasionally printing irregular numbers of records in a batch. If
>> the information is sufficiently sensitive, even the loss of
>> performance might be a reasonable tradeoff.
>
> That's why node acts on db_rewrite_sql. Security *is* checked.
Strictly speaking, that's only true if there's a reasonable way to put
the needed records into node_access. Otherwise, db_rewrite_sql doesn't
really have anything to work on. And if there isn't: there's no
security for that application either :-(
na_arbitrator does have some promise for what I'm doing; it's probably
possible to use your ACL calls to let your system munge node_access for
me when the user logs in. And I think that your API is reasonable for
that.
But let me say it again: friends should not let friends munge
node_access, except via na_arbitrartor :-)
R
More information about the development
mailing list