[mapserver-users] Mapserver Layer Filter

Fri Jan 13 02:39:19 EST 2012

Even better: use solution 3, but create a view on the database and query
the view instead.
I'm not sure if it can be done it but I guess that a malicious user could
trick mapserver and add a filter like ' OR 1=1 ' and in that case ALL
features (including GROFT) will be shown.

HTH,
Umberto

On Fri, Jan 13, 2012 at 1:09 AM, Gabe Codina <Gabe at agtrix.com> wrote:

> We do something similar here is how we implement your solution 3****
>
> ** **
>
>     CONNECTIONTYPE PLUGIN****
>
>     PLUGIN ".\msplugin_mssql2008.dll"****
>
>     CONNECTION
> "server=SERVER\MSSQL;uid=USERID;pwd=PASSWORD;database=DATABASE;Integrated
> Security=false"****
>
>     DATA "gExtent FROM (SELECT * FROM tm_points WHERE type!=’GRØFT’)AS
> FOO USING UNIQUE [iId] USING SRID=4326"****
>
> ** **
>
> ** **
>
> Note the connection string needs to access your MSSQL Instance and the
> plugin dll  must be available the format of the data statement lets you put
> quite a complex SQL statement inside the ()s.****
>
> ** **
>
> Gabe Codina****
>
> ** **
>
> ** **
>
> *From:* mapserver-users-bounces at lists.osgeo.org [mailto:
> mapserver-users-bounces at lists.osgeo.org] *On Behalf Of *Hawk AA
> *Sent:* Friday, 13 January 2012 3:24 AM
> *To:* mapserver-users at lists.osgeo.org
> *Subject:* [mapserver-users] Mapserver Layer Filter****
>
> ** **
>
> Hi there, Mailing List,****
>
> ** **
>
> We have a customer that wants their maps to be published online, but some
> of the features is confidential and should not be displayed.****
>
> ** **
>
> We have added following to the layer definition:****
>
> FILTER ('[type]' != "GRØFT ")****
>
> It works, the features with type GRØFT are not showed in the map.****
>
> ** **
>
> However, we have a window that let the user browse the data, and it will
> be possible to access the features of type GRØFT. When you press “show in
> map”, the JavaScript clients triggers a WFS request with a filter asking
> for elements with the current ID. By doing this, WFS omits the LAYER FILTER
> definition, so the element can be showed in the map, even if it is of type
> GRØFT. I need a way to make sure the WFS can’t deliver any data of type
> GRØFT.****
>
> ** **
>
> I’ve seen three possible solutions:****
>
> **1.       **We have a service that automatically converts uploaded
> MapInfo *.TAB-files to SHP. If I am correct, I could use the
> “-where”-argument on the ogr2ogr to filter data and only get features which
> does not have type GRØFT. I hope I do not have to do this, since debugging
> and developing a windows service is quite tricky.****
>
> **2.       **Add additional filter values to the WFS query. I could also
> define the types not to show in the JavaScript, and let the application
> automatically add <PropertyIsNotEqualTo>-tags to the AJAX query. This would
> be less secure, and I need to define types not to show at two places.****
>
> **3.       **The best solution in my eyes is to let the magic happen in
> the MAP-file, and that is mostly why I am posting here. Is there a way to
> add a query to the Layer Data definition, like you do if you are querying a
> MSSQL database? I can imagine a syntax like this:
> CONNECTIONTYPE OGR
> CONNECTION "TM_Nett/TM_Points"
> DATA "SELECT * FROM tm_points WHERE type!=’GRØFT’”
> It does not seem to work.****
>
> ** **
>
> Any suggestions, especially regarding the third solution?****
>
> ** **
>
> Best regards,****
>
> Håkon Åmdal****
>
> ** **
>
> ** **
>
> _______________________________________________
> mapserver-users mailing list
> mapserver-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapserver-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.osgeo.org/pipermail/mapserver-users/attachments/20120113/1c147d8e/attachment-0001.html