[Maps-l] PostGIS Terminal

Tim Alder tim.alder at s2002.tu-chemnitz.de
Tue Mar 8 22:29:08 UTC 2011


Hello,
it looks like harakiri to let this run on toolserver.
Please keep in mind that we use this server as a production
system to bring content into Wikipedia.

If you don't use a BBOX the query will run very long
because it scans the whole database.
If you add "AND ST_Contains(mapextent(), way)" afterwards to each query 
and allow only maps with < 1° x 1° or so, it could be better, but I 
believe it's then also very easy to write long-running queries.

(You can also try working with a timeout [1].)

I saw no way to stop a long-running query. That's not good.
Especially beginners will make a lot of errors, experts will perhaps
test their creativity to make "sql-injections"...

Even though I want more people to learn PostGIS, I must say that the
risk this way seems too high to me.

Please keep the toolserver-roles in mind:
"... 6. You are responsible for the security of all services you 
provide, including both third-party software and software of your own 
design."
I don't believe that you can check all possible query input.

An option is to put the script behind an .htaccess file and use it only 
for yourself.

Greetings Kolossos

[1] http://stackoverflow.com/questions/1175173/jdbc-postgres-query-with-a-timeout

On 08.03.2011 16:47, Thomas Ineichen wrote:
> Hi,
>
> a friend of mine programmed a nifty little interface for the OSM-database:
>
> http://toolserver.org/~ti/postgis-terminal/
>
> - Is it ok to run that on a public toolserver-website, as it gives
> access to the whole database?
> - How can I measure the usage of cpu/memory that the tool produces?
>
>
> Regards,
> Thomas
>
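
The safeguards raised in this message (a statement timeout, a way to stop long-running queries, and bounding-box-limited queries), sketched as PostgreSQL statements. This is an added example, not part of the original thread or of the tool; the role name, the limits, the osm2pgsql-style table names, the SRID and the `pg_stat_activity` column names (recent PostgreSQL versions) are assumptions.

```sql
-- 1. Dedicated low-privilege login for the public terminal (hypothetical name).
CREATE ROLE terminal_ro LOGIN CONNECTION LIMIT 5;

-- Per-role defaults applied at session start.
ALTER ROLE terminal_ro SET statement_timeout = '10s';
ALTER ROLE terminal_ro SET default_transaction_read_only = on;

-- Both settings above can be changed by the session itself with SET, so they
-- only stop accidental abuse. The hard boundary is the privilege set: grant
-- SELECT on the map tables and nothing else.
GRANT SELECT ON planet_osm_point, planet_osm_line, planet_osm_polygon
    TO terminal_ro;

-- 2. Watchdog, run periodically by a privileged maintenance role (for example
-- from cron). It cancels any terminal query that has outlived the limit,
-- even if the session reset its own statement_timeout.
SELECT pid,
       now() - query_start   AS runtime,
       pg_cancel_backend(pid) AS cancelled
FROM   pg_stat_activity
WHERE  usename = 'terminal_ro'
  AND  state   = 'active'
  AND  now() - query_start > interval '15 seconds';

-- 3. Shape of a query the frontend should insist on: restricted to a small
-- bounding box so the spatial index is used instead of a full-table scan.
-- Coordinates are constructed sample values; SRID 4326 is assumed to match
-- the SRID of the "way" column.
SELECT osm_id, name
FROM   planet_osm_point
WHERE  amenity = 'pub'
  AND  ST_Contains(
           ST_MakeEnvelope(12.90, 50.80, 12.95, 50.85, 4326),
           way);
```

Because the role-level settings are only defaults, the watchdog and the restricted grants are what actually bound resource use and write access.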



