Hello all,

I am making GeoServer calls with AUTHKEY (web service key provider) from the frontend of the application.

When I use the GetFeature (with AUTHKEY) request that includes the cql_filter from the frontend, is there a way to validate the cql_filter like I do with the AUTHKEY in the web service key provider? If this is coming from the frontend, a "hacker" can change it and access unauthorised data. Making calls from the backend slows things down; maybe there is a different solution from GeoServer.

Thank you!

https://localhost/geoserver/wfs?service=WFS&version=1.1.0&request=GetFeature&typename=UK:points&outputFormat=application/json&srsname=EPSG:4326&cql_filter=(testId in ('1','2','3')) AND (BBOX(geom, -90,-180,90,180))
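One way a gateway or request filter in front of GeoServer could check the filter before forwarding the request, as an added example that is not part of the original post and not GeoServer code. It assumes a hypothetical `ALLOWED_TEST_IDS` table mapping each key to the `testId` values it may read, and that the key travels in an `authkey` query parameter.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample data: which testId values each key may read (hypothetical).
ALLOWED_TEST_IDS = {"key-alice": {"1", "2", "3"}, "key-bob": {"7"}}
# Parameters the frontend is expected to send; anything else (for example a
# second filter parameter) is refused rather than interpreted.
ALLOWED_PARAMS = {"service", "version", "request", "typename", "outputformat",
                  "srsname", "cql_filter", "authkey"}

# Accept only the one filter shape from the post:
# (testId in ('a','b',...)) AND (BBOX(geom, n,n,n,n))
FILTER_SHAPE = re.compile(r"""
    \(testId\s+in\s+\((?P<ids>'[A-Za-z0-9]+'(?:\s*,\s*'[A-Za-z0-9]+')*)\)\)
    \s+AND\s+
    \(BBOX\(geom(?:\s*,\s*-?\d+(?:\.\d+)?){4}\)\)
""", re.IGNORECASE | re.VERBOSE)


def check_request(url):
    """Return (allowed, reason) for a GetFeature URL built by the frontend."""
    params = {}
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        params.setdefault(name.lower(), []).append(value)
    if set(params) - ALLOWED_PARAMS:
        return False, "unexpected parameter"
    if any(len(v) != 1 for v in params.values()):
        return False, "repeated parameter"
    if "authkey" not in params or "cql_filter" not in params:
        return False, "authkey and cql_filter are both required"
    match = FILTER_SHAPE.fullmatch(params["cql_filter"][0].strip())
    if match is None:
        return False, "cql_filter does not have the expected shape"
    requested = set(re.findall(r"'([^']+)'", match.group("ids")))
    extra = requested - ALLOWED_TEST_IDS.get(params["authkey"][0], set())
    if extra:
        return False, "testId not permitted for this key: %s" % sorted(extra)
    return True, "ok"


# Constructed requests based on the URL in the post, with an authkey added.
BASE = ("https://localhost/geoserver/wfs?service=WFS&version=1.1.0"
        "&request=GetFeature&typename=UK:points&outputFormat=application/json"
        "&srsname=EPSG:4326&authkey=%s&cql_filter=%s")
GOOD = "(testId in ('1','2','3')) AND (BBOX(geom, -90,-180,90,180))"

if __name__ == "__main__":
    print(check_request(BASE % ("key-bob", GOOD)))
```

The check is an allowlist: a filter that does not match the single expected shape is refused instead of being parsed, so any new filter form the frontend starts sending has to be added to `FILTER_SHAPE` deliberately.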