none
Disable secure search

    Question

  • Hi,

    Anyone knows how to disable secure search for FS4SP?

    Last time we could pass qtf_securityfql:enable=0 in qrserver to bypass additional SAM filter in FAST ESP 5.3. 

     

    TIA

    Wednesday, April 06, 2011 3:51 AM

Answers

  • And that's not doable. With sreedhar's suggestion you will turn it off permanently.

    My suggestion would be to execute a search with the credentials of a user who has access to all content. Then for the results returned per page, execute a search as the current user with an OR for the id's or similar, and see if the user has access. That way you can on a per page basis mark which results the user has access to or not.

    So you would need to execute two searches in order to get the desired functionality. As for the refiners, you would have to display them based on the user who has access to all content.

    Regards,
    Mikael Svenson 


    Search Enthusiast - MCTS SharePoint/WCF4/ASP.Net4
    http://techmikael.blogspot.com/ - http://www.comperiosearch.com/
    • Marked as answer by RWin97 Monday, April 11, 2011 8:00 AM
    Monday, April 11, 2011 6:45 AM

All replies

  • It is not possible, and it shouldn't be either.

    What's your scenario for bypassing security? There might be other ways to accomplish what you are trying to do.

    Regards,
    Mikael Svenson 


    Search Enthusiast - MCTS SharePoint/WCF4/ASP.Net4
    http://techmikael.blogspot.com/ - http://www.comperiosearch.com/
    Friday, April 08, 2011 6:10 AM
  • Hi,

    You can disable by following steps

    Open and edit C:\fastsearch\etc\qrserver\qtf-config.xml
    Comment out the line securityfql
    restart QR server -->nctrl restart qrserver

    At the same I agree with Mikael's question. what is the purpose of this

     

    Sunday, April 10, 2011 3:22 AM
  • This would be an unsupported edit which could be overwritten by any service update from MS. And also it shouldn't be possible to do this in my opinion. Having the option there is just too great of a risk in an enterprise environment where security is one of the key features.

    Regards,
    Mikael Svenson 


    Search Enthusiast - MCTS SharePoint/WCF4/ASP.Net4
    http://techmikael.blogspot.com/ - http://www.comperiosearch.com/
    Sunday, April 10, 2011 4:48 AM
  • Hi Mikael & sreedhar,

    Thanks for the reply.

     

    My scenario is to search all documents but display only document title with custom teaser or may be a "lock" icon if there are any security related documents in the search results. 

    So, I'm thinking that I should be able to do normal search first, instead of secure search. Is my approach correct?

     

    Monday, April 11, 2011 3:43 AM
  • Sorry, my question is can we disable the secure search in FS4SP as supported in FAST ESP 5.3 (i.e. using qtf_securityfql:enable)?

    I still need secure search capabilities to display which documents with title only. 

     

    Monday, April 11, 2011 4:01 AM
  • And that's not doable. With sreedhar's suggestion you will turn it off permanently.

    My suggestion would be to execute a search with the credentials of a user who has access to all content. Then for the results returned per page, execute a search as the current user with an OR for the id's or similar, and see if the user has access. That way you can on a per page basis mark which results the user has access to or not.

    So you would need to execute two searches in order to get the desired functionality. As for the refiners, you would have to display them based on the user who has access to all content.

    Regards,
    Mikael Svenson 


    Search Enthusiast - MCTS SharePoint/WCF4/ASP.Net4
    http://techmikael.blogspot.com/ - http://www.comperiosearch.com/
    • Marked as answer by RWin97 Monday, April 11, 2011 8:00 AM
    Monday, April 11, 2011 6:45 AM
  • Thanks, Mikael.

    Yes, last time it was implemented as per your suggestion. But we passed in additional qtf_securityfql parameter to disable secure search, instead of using a full-read user.

    May be I could use crawler user for this purpose...

     

     

    Well, that means we can't use this parameter anymore in FS4SP

    Monday, April 11, 2011 7:59 AM
  • True, and little more cumbersome to do. That's just how it is with FAST for SharePoint. You can manage to do most things you did with ESP, you just have to befriend the new boundaries and adjust the approach accordingly :)

    And the crawler account would be a good candidate. Of course, adding the credentials somewhere in code for this user would be bad practice, so you might be better off creating a service or web app running in as the crawl user, and call that from your code. A little more work to get it up, but you would not have to add credentials to your code. You could in fact use BCS for this against the search web service, and have it run as the crawl user.

    But any way you figure is the best for you will work :)

    -m


    Search Enthusiast - MCTS SharePoint/WCF4/ASP.Net4
    http://techmikael.blogspot.com/ - http://www.comperiosearch.com/
    Monday, April 11, 2011 8:26 AM