Hello list, while playing with MapServer WFS Filter Encoding capabilities I found some strange things when it comes to form the DB-queries (the requested layer is PostGIS-driven).
It seems that there will always be a full table-scan and later on the FE
will be applied. Is this done by design?
Using URL-substitutions of the Search-keyword and apply it to a
FILTER-element the resulting SQL-query has the given WHERE-filter set.
But this opens the door for SQL-injections AFAIK. Setting the
validation pattern is a little prevention.
Are there any other ways to realize a keyword-driven search with
MapServer beside FE IsLike or FILTER-substitution?
I am using MS 5.6.5 on debian stable.
TIA
Stephan
--
Stephan Holl <stephan.h...@intevation.de> | Tel.: +49 (0)541-33 508 3663
Intevation GmbH, Neuer Graben 17, 49074 OS | AG Osnabrück - HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
signature.asc
Description: PGP signature
_______________________________________________ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users
