So the article suggests using a timkng attack on a Lucene searchbox to determine if an item exists or not (at least thats what I gather).<p>Considering most likely the searchbox will already tell youif something exists, whats the purpose?<p>I think I'm missing something here.
Another excellent reason to write your own query parser instead of using Lucene's. Lucene's query parser is way too powerful to expose to end users.