[development] Getting Around The Limitations of hook_db_rewrite_sql

Rob Thorne rob at torenware.com
Tue Apr 4 00:49:19 UTC 2006

Earl Miles wrote:
> Rob Thorne wrote:
>> But displaying content that is sensitive without checking access at 
>> all is a problem, and potentially, it is more serious than 
>> occasionally printing irregular numbers of records in a batch.  If 
>> the information is sufficiently sensitive, even the loss of 
>> performance might be a reasonable tradeoff.
> That's why node acts on db_rewrite_sql. Security *is* checked.
Strictly speaking, that's only true if there's a reasonable way to put 
the needed records into node_access.  Otherwise, db_rewrite_sql doesn't 
really have anything to work on.  And if there isn't:  there's no 
security for that application either :-(

na_arbitrator does have some promise for what I'm doing;  it's probably 
possible to use your ACL calls to let your system munge node_access for 
me when the user logs in.   And  I think that your API is reasonable for 

But let me say it again:  friends should not let friends munge 
node_access, except via na_arbitrartor :-)


More information about the development mailing list