Re: Re: [exposing-plans] Exposing maDMPs - repository prototype

> Hello Tomasz,
> Thank you for the opportunity to see this new development in the maDMP field, quite nice.
> I have one question for now : does the search also include/operate on the hidden fields ?
> Best wishes,
> Paulette.
Hi,
Currently it doesn't search the hidden fields. Since they are supposed to be completely hidden to any users other than the creator, we removed them from the elasticsearch search index before indexing. Otherwise, it would be possible to extract potentially sensitive information (text fragments) by querying the search index word-by-word or sentence-by-sentence and observing the search results.
However, it would not be that hard to implement. We could either use elasticsearch field-level security to grant access to certain fields or create a separate search index including the hidden fields and manage authentication by passing it through the spring backend (currently the frontend directly queries the elasticsearch server).
Kind regards,
Alex Selzer & Lucas Berent
Hi,
Currently it doesn't search the hidden fields. Since they are supposed to be completely hidden to any users other than the creator, we removed them from the elasticsearch search index before indexing. Otherwise, it would be possible to extract potentially sensitive information (text fragments) by querying the search index word-by-word or sentence-by-sentence and observing the search results.
However, it would not be that hard to implement. We could either use elasticsearch field-level security to grant access to certain fields or create a separate search index including the hidden fields and manage authentication by passing it through the spring backend (currently the frontend directly queries the elasticsearch server).
Kind regards,
Alex Selzer & Lucas Berent