Interface InsecureOrderPathsRegistry
- All Known Implementing Classes:
InsecureOrderPathsRegistryImpl
public interface InsecureOrderPathsRegistry
In AbstractCriteriaBuilderWrapper,
if the order by expression contains a join to a table that has security restrictions,
the expression is wrapped into a 'CASE .. WHEN' that returns NULL when the security
conditions are not met.
As a result, such records are sorted by NULL, which prevents data that the
user doesn't have access to from being "leaked".
By "leaking" we mean:
The data will not be visible and the particular table cell will be empty. However,
if the record before has the value "AAA" and the record after the empty cell has
the value "AAB", you know that the hidden value lies between those two values.
Sorting by a 'CASE .. WHEN' result column is very expensive for big datasets.
Therefore, in some cases it can make sense to disable this "leak" protection,
so that the column can be ordered by the value on the database (even though
it shouldn't be visible after that).
This can lead to huge performance boosts for big datasets.
This registry contains all the paths which we allow to be sorted in this
insecure way.
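
The ordering leak and the 'CASE .. WHEN' protection described above, shown as an added example (not code from this project) using Python's sqlite3 with constructed data. The table names, the `readable` column and the `MASKED` expression are assumptions standing in for the real security condition; SQLite sorts NULL first in ascending order, other databases may sort it last.

```python
import sqlite3

# Hypothetical stand-in for the security condition on the joined table:
# the 'CASE .. WHEN' yields NULL for rows the current user may not read.
MASKED = "CASE WHEN c.readable = 1 THEN c.name ELSE NULL END"

def listing(hidden_name, insecure_order):
    """Rows (order_id, shown_name) as the user sees them, for a given hidden value."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, readable INTEGER);
        CREATE TABLE orders (id INTEGER PRIMARY KEY,
                             customer_id INTEGER REFERENCES customer(id));
    """)
    # Constructed sample data; customer 2 is not readable by the current user.
    customers = [(1, "AAA", 1), (2, hidden_name, 0), (3, "AAB", 1), (4, "ZZZ", 1)]
    db.executemany("INSERT INTO customer VALUES (?, ?, ?)", customers)
    db.executemany("INSERT INTO orders VALUES (?, ?)", [(c[0], c[0]) for c in customers])
    # The displayed column is masked in both modes; only ORDER BY differs.
    order_expr = "c.name" if insecure_order else MASKED
    rows = db.execute(
        f"SELECT o.id, {MASKED} AS shown FROM orders o "
        f"JOIN customer c ON c.id = o.customer_id "
        f"ORDER BY {order_expr}, o.id"
    ).fetchall()
    db.close()
    return rows

def leaks_position(insecure_order, candidates=("AAAX", "MMM")):
    """True if the visible listing changes when only the hidden value changes."""
    a, b = (listing(h, insecure_order) for h in candidates)
    return a != b

if __name__ == "__main__":
    for mode in (True, False):
        print("insecure" if mode else "masked  ", listing("AAAX", mode),
              "leaks:", leaks_position(mode))
```

With the insecure ordering the empty cell lands between "AAA" and "AAB"; with the masked ordering its position is the same whatever the hidden value is.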
CAUTION:
Add paths to this registry very carefully and look at it as a last resort
to speed up a very slow query, if there's no other option to improve the
performance. Never use it for sensitive data.
Method Summary
Method Details
insecureOrderAllowed