raghavyadav01 commented on PR #16147: URL: https://github.com/apache/pinot/pull/16147#issuecomment-2992286786

> @raghavyadav01: can you add options as a third argument instead?
>
> The current approach is slightly unusual and is particularly susceptible to injection attacks (e.g. a hacker using a search bar in an app might attempt to override the options)

Thanks @ankitsultana. Security is not compromised because the system only accepts a fixed list of valid parser options (like CLASSIC, STANDARD, COMPLEX). If someone tries to inject invalid or malicious options, the system will simply ignore them. Users can only use the predefined, safe options that we've already tested and approved.

We considered adding a third parameter, but it would require more extensive changes across the codebase and touch more surface area. Since the current text search behavior is inconsistent with Lucene (as some users expect), this fix bridges that gap while minimizing changes/instability and maintaining backward compatibility.