Ah haaa. I see now. :-) I didn't make that connection. Hopefully I would hbave before I ever tried to implement that :-)
Kind of like user names and icons on a windows login :-) Dennis Gearon Signature Warning ---------------- It is always a good idea to learn from your own mistakes. It is usually a better idea to learn from others’ mistakes, so you do not have to make them yourself. from 'http://blogs.techrepublic.com.com/security/?p=4501&tag=nl.e036' EARTH has a Right To Life, otherwise we all die. --- On Sat, 10/30/10, Erick Erickson <erickerick...@gmail.com> wrote: > From: Erick Erickson <erickerick...@gmail.com> > Subject: Re: Modelling Access Control > To: solr-user@lucene.apache.org > Date: Saturday, October 30, 2010, 6:01 PM > If that's in response to Lance's > comment, the answer is that if you return > autosuggest possibilities you effectively allow users to > see data they > shouldn't. Imagine you have a field of the real names of > spies. You only > want the persons way high up in the security chain to > access these names and > you control that on a document level. > > Allowing autocomplete on that field would be...er...very > tough on your > spies' health... > > HTH > Erick > > On Tue, Oct 26, 2010 at 2:24 PM, Dennis Gearon <gear...@sbcglobal.net>wrote: > > > "Son, don't touch that stove . . . .", > > > > "OUCH! Hey Dad, I BURNED my hand on that stove, why > didn't you tell me > > that?!?#! You know I need to know WHY, not just > DON'T!" > > > > Dennis Gearon > > > > > Very important: do not make a spelling or > autosuggest index > > > from a > > > text field which some people can see and other > people > > > can't. > > > > > > > >
