On Jun 11, 2010, at 9:53 AM, Caleb James DeLisle wrote:
Is it secure?
I don't feel that's a good enough reason not to use it since it would mean that we
would never use any new API. If we want to use it, we can review it from a security POV.
That said, it looks secure, see
http://svn.xwiki.org/svnroot/xwiki/platform/core/trunk/xwiki-query/manager/…
The searchDocuments function has the benefit of having
had a lot of security review.
Well the Query Manager has had the benefit of being written after searchDocument, thus
inheriting from best practices.
Thanks
-Vincent
Vincent Massol wrote:
> Hi devs,
>
> I'm wondering why we haven't moved to using XQL instead of HQL.
>
> Any reason?
>
> If not, I'd like to suggest we start using it everywhere we currently use HQL
since XWQL since is much nicer. Also since we don't use it our users don't use
it.
>
> Additionally I'd like to propose that we move to a ScriptService to access the
query manager.
>
>> From Velocity you'd write the following to get a Query:
> $services.query.xwql("....")
>
> Note that the ScriptService implementation would replace the SecureQueryManager
implementation.
>
> We would also deprecate XWiki.getQueryManager.
>
> WDYT?
>
> Thanks
> -Vincent