[mapserver-users] WFS Filter Encoding and resulting DB-queries
Stephan Holl
stephan.holl at intevation.de
Tue Feb 22 03:44:28 EST 2011
Hello list,
while playing with MapServer WFS Filter Encoding capabilities I found
some strange things when it comes to form the DB-queries (the
requested layer is PostGIS-driven).
It seems that there will always be a full table-scan and later on the FE
will be applied. Is this done by design?
Using URL-substitutions of the Search-keyword and apply it to a
FILTER-element the resulting SQL-query has the given WHERE-filter set.
But this opens the door for SQL-injections AFAIK. Setting the
validation pattern is a little prevention.
Are there any other ways to realize a keyword-driven search with
MapServer beside FE IsLike or FILTER-substitution?
I am using MS 5.6.5 on debian stable.
TIA
Stephan
--
Stephan Holl <stephan.holl at intevation.de> | Tel.: +49 (0)541-33 508 3663
Intevation GmbH, Neuer Graben 17, 49074 OS | AG Osnabrück - HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
Url : http://lists.osgeo.org/pipermail/mapserver-users/attachments/20110222/07bbe59b/signature.bin
More information about the mapserver-users
mailing list