Hi,
a friend of mine programmed a nifty little interface for the OSM-database:
http://toolserver.org/~ti/postgis-terminal/
- Is it ok to run that on a public toolserver-website, as it gives access to the whole database?
- How can I measure the usage of cpu/memory that the tool produces?
Regards, Thomas
Hi Thomas,
On 08.03.2011 16:47, Thomas Ineichen wrote:
> - Is it ok to run that on a public toolserver-website, as it gives
> access to the whole database?
the tool is a nice query-builder. But it's quite easy to create long-running queries with it. That might kill the DB.
Perhaps it could help to implement a session handling so only a single query is running at a time while the rest is waiting in a queue.
Could you implement some logging of the query duration? It could give an indication how much load it will put on the DB.
Stephan
Hello, it looks like harakiri to let this run on the toolserver. Please keep in mind that we use this server as a production system to bring content into Wikipedia.
If you don't use a BBOX the query will run very long because it scans the whole database. If you add "AND ST_Contains(mapextent(), way)" afterwards to each query and allow only maps with < 1° x 1° or so it could be better, but I believe that even then it's very easy to write long-running queries.
(You can test also to work with a timeout[1].)
I saw no way to stop a long-running query. That's not good. Especially beginners will make a lot of errors, experts will perhaps test their creativity to make "sql-injections"...
Even though I want more people to learn PostGIS, I must say that the risk this way seems too high to me.
Please keep the toolserver rules in mind: "... 6. You are responsible for the security of all services you provide, including both third-party software and software of your own design." I don't believe that you can check all possible query input.
An option is to put the script behind an .htaccess-file and use it only for yourself.
Greetings Kolossos
[1]http://stackoverflow.com/questions/1175173/jdbc-postgres-query-with-a-timeou...
Thomas Ineichen:
> a friend of mine programmed a nifty little interface for the OSM-database:
> - Is it ok to run that on a public toolserver-website, as it gives
> access to the whole database?
Absolutely not. I have disabled this tool. Allowing any user on the Internet to run arbitrary SQL queries on the database is a massive security problem, in addition to the problems Tim already mentioned.
- river.
PS: If you weren't sure it was okay, why didn't you ask before making it available?
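
Added example, not part of the thread and not the Toolserver's configuration: a PostgreSQL sketch of the query-duration logging, timeout and one-at-a-time limits suggested in the replies above, applied to a dedicated database role. The role name, the 10 second limit and the osm2pgsql-style table names are assumptions.

```sql
-- Added example: server-side limits for a role used only by a query front end.
-- Assumed names: role "postgis_terminal", osm2pgsql tables "planet_osm_*".

-- Dedicated, unprivileged login role. CONNECTION LIMIT 1 allows one session
-- at a time; further connection attempts are refused, not queued, so any
-- waiting queue has to live in the web application.
CREATE ROLE postgis_terminal
    LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE
    CONNECTION LIMIT 1;

-- Cancel any statement that runs longer than 10 seconds (assumed value).
ALTER ROLE postgis_terminal SET statement_timeout = '10s';

-- Start every transaction read-only by default.
ALTER ROLE postgis_terminal SET default_transaction_read_only = on;

-- Log every statement of this role together with its duration, which gives
-- the load figures asked for in the thread. Setting this needs a superuser,
-- and the role itself cannot switch it off.
ALTER ROLE postgis_terminal SET log_min_duration_statement = 0;

-- Grant read access only to the tables the tool is meant to query.
-- Privileges granted to PUBLIC still apply and need a separate review.
GRANT SELECT ON
    planet_osm_point,
    planet_osm_line,
    planet_osm_polygon,
    planet_osm_roads
TO postgis_terminal;

-- Caveat: statement_timeout and default_transaction_read_only are session
-- defaults. A session that may send arbitrary SQL can change them with SET,
-- so they bound accidental long-running queries, not hostile input. The
-- connection limit, the logging setting and the GRANTs are not changeable
-- by the role itself.
```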