Are there best practices for sanitizing query strings?
What I want to do is:
a) don't let users issue expensive queries
b) hinder some users from searching specific fields
c) internationalize field names.
OK, c) isn't really sanitizing, but I think all 3 points would require a
pre-parsing process, so I thought I would also mention this.
Is there a way to do this? And if not, why are we the only ones with these
requirements?
Your best bet is probably a custom parser with your own grammar. On the ES
side, if you use something like a simple_query_string or a match query, it
would also help a little bit (instead of using the query_string query).
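
One way to do the pre-parsing step suggested in the answer above, as an added example that is not part of the original thread. The field names, aliases, roles and limits are constructed assumptions; the output is a `bool` query of `simple_query_string` clauses with only a few operators enabled through `flags`.

```python
import re

# Constructed sample configuration (assumptions, not from the thread).
FIELD_ALIASES = {"titel": "title", "autor": "author", "gehalt": "salary"}  # localized -> index field
ALLOWED_FIELDS = {"user": {"title", "author"}, "admin": {"title", "author", "salary"}}
DEFAULT_FIELDS = ["title"]        # used for terms without a field prefix
MAX_TERMS = 10                    # cap on query size
SAFE_FLAGS = "AND|OR|NOT|PHRASE"  # PREFIX, FUZZY, SLOP and NEAR stay disabled

# An optional `field:` prefix followed by a quoted phrase or a bare term.
TOKEN = re.compile(r'(?:(\w+):)?("[^"]*"|\S+)')


class QueryRejected(ValueError):
    """Raised when the input breaks a size or field-access rule."""


def build_query(raw, role):
    """Pre-parse `field:term` input into a restricted Elasticsearch query body."""
    allowed = ALLOWED_FIELDS[role]
    tokens = TOKEN.findall(raw)
    if not tokens or len(tokens) > MAX_TERMS:
        raise QueryRejected("empty query or too many terms")
    per_field = {}
    for prefix, term in tokens:
        if prefix:
            # Translate the localized name, then enforce the per-role allowlist.
            field = FIELD_ALIASES.get(prefix.lower(), prefix.lower())
            if field not in allowed:
                raise QueryRejected(f"field not searchable: {prefix}")
            fields = (field,)
        else:
            fields = tuple(DEFAULT_FIELDS)
        per_field.setdefault(fields, []).append(term)
    must = [
        {"simple_query_string": {
            "query": " ".join(terms),
            "fields": list(fields),
            "flags": SAFE_FLAGS,
            "default_operator": "AND",
        }}
        for fields, terms in per_field.items()
    ]
    return {"query": {"bool": {"must": must}}}
```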