I have stumbled across the requirement to allow users the freedom of searching using full boolean operators. The users show be allowed to specify fields to search in, but at the same time some fields should not be available.
Is there any way to secure the query_string with a set of legal field names?
And in general, is there any way to make sure the query string isn't "hacked" to override field names. Would like to avoid creating my own query parser.