[mapserver-users] MapServer Layer Filter not applying to WFS
Lime, Steve D (DNR)
Steve.Lime at state.mn.us
Mon Nov 5 09:18:46 PST 2012
This is known issue, but it's a bigger deal with shapefiles. The WFS filters essentially replace the defined filter, they are not additive. This is true for all drivers. This would need to be an enhancement, but It would be tricky to do so I think given the variety of filter types.
With RDBMS you'd just encode the filter in the data/connection information. The workaround in this case would be to use an OGR layer to access the shapefile instead which will allow you to apply SQL-like syntax at the driver level. See http://mapserver.org/input/vector/ogr.html.
Steve
From: mapserver-users-bounces at lists.osgeo.org [mailto:mapserver-users-bounces at lists.osgeo.org] On Behalf Of Hawk AA
Sent: Monday, November 05, 2012 8:26 AM
To: mapserver-users at lists.osgeo.org
Subject: [mapserver-users] MapServer Layer Filter not applying to WFS
Hi there, mailing list,
We have a customer sending us data with sensitive information. The most convenient way for us is to receive the complete data set and applying a filter in the mapfile.
The layer definition looks like this:
LAYER
NAME Traseer
GROUP TelMe
TYPE LINE
DATA "TM_Nett/TM_Traces"
FILTER('[type]' != "Bru")
#Styling and more etc....
END
This works flawlessly using PHP Mapscript and the mapserver WMS service. The data is not accessible. The problem occurs when querying by WFS. The Mapserver WFS service seems to omit the FILTER information and opens up for selecting items with the type "Bru", which is a serious security flaw.
I'd consider this as a bug, although I'm not certain. If anyone please can confirm this, or show me how to make mapserver filter data in WFS as well, I'd be much obliged.
Best Regards,
Håkon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-users/attachments/20121105/36073272/attachment.html>
More information about the mapserver-users
mailing list