Limit the flexibility of a query_string query?


(Anil Rhemtulla) #1

I'd like to take advantage of the query string query to avoid the pain of
parsing a user's search text. I want them to have pretty much all the
powers that the parser provides including AND, OR, prefix, fuzzy etc.

However, there are a couple limitations I'd like to impose:

  1. No leading wildcard (simple enough, that's an option on query_string).
  2. The user should not be able to choose the fields to search in (e.g.
    "price:100" should not be allowed). Is there a way to do this with ES, or
    do I need to handle restrictions like this on the client end?

Thanks,
Anil

--


(Igor Motov) #2

I would suggest writing your own parser. It will pay off in the long run.

On Thursday, December 6, 2012 12:38:54 PM UTC-5, Anil Rhemtulla wrote:

I'd like to take advantage of the query string query to avoid the pain of
parsing a user's search text. I want them to have pretty much all the
powers that the parser provides including AND, OR, prefix, fuzzy etc.

However, there are a couple limitations I'd like to impose:

  1. No leading wildcard (simple enough, that's an option on query_string).
  2. The user should not be able to choose the fields to search in (e.g.
    "price:100" should not be allowed). Is there a way to do this with ES, or
    do I need to handle restrictions like this on the client end?

Thanks,
Anil

--


(Maziyar PANAHI) #3

Hi,

Not sure what @Anil_Rhemtulla has finally done to overcome this issue, butI have the same problem with query_string. Very powerful and at the same time very exposed and unrestricted.

I don't believe writing a parser by users is a feasible solution just for limiting the fields at least. Like "flags" in Simple Query String, I think it would be nice to have the option like "allowed fields" in query_string to not allowing the users to query any fields in your mapping.

Cheers,
Maziyar


(system) #4