[mapserver-users] MapServer Layer Filter not applying to WFS
Lime, Steve D (DNR)
Steve.Lime at state.mn.us
Mon Nov 5 09:29:44 PST 2012
One other idea. I believe you can avoid using OGR by adding your filter to class expressions and setting a template (which enables queries) at the class level. Class expressions are always checked. If you have one class it's easy:
LAYER
NAME Traseer
GROUP TelMe
TYPE LINE
DATA "TM_Nett/TM_Traces"
CLASS
EXPRESSION'[type]' != "Bru")
# Styling and more etc....
TEMPLATE 'void'
END
# No template set at the layer level
END
Might consider WMS-only vs. WFS-only layer defs to simplify life if you have multiple classes.
Steve
From: mapserver-users-bounces at lists.osgeo.org [mailto:mapserver-users-bounces at lists.osgeo.org] On Behalf Of Hawk AA
Sent: Monday, November 05, 2012 8:26 AM
To: mapserver-users at lists.osgeo.org
Subject: [mapserver-users] MapServer Layer Filter not applying to WFS
Hi there, mailing list,
We have a customer sending us data with sensitive information. The most convenient way for us is to receive the complete data set and applying a filter in the mapfile.
The layer definition looks like this:
LAYER
NAME Traseer
GROUP TelMe
TYPE LINE
DATA "TM_Nett/TM_Traces"
FILTER('[type]' != "Bru")
#Styling and more etc....
END
This works flawlessly using PHP Mapscript and the mapserver WMS service. The data is not accessible. The problem occurs when querying by WFS. The Mapserver WFS service seems to omit the FILTER information and opens up for selecting items with the type "Bru", which is a serious security flaw.
I'd consider this as a bug, although I'm not certain. If anyone please can confirm this, or show me how to make mapserver filter data in WFS as well, I'd be much obliged.
Best Regards,
Håkon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-users/attachments/20121105/a07dfe6d/attachment.html>
More information about the mapserver-users
mailing list