Hello,
it looks like harakiri to let this run on toolserver.
Please have in mind that we use this server as productive
system to bring content into wikipedia.
If you don't use a BBOX the query will run very long
because it scans the whole database.
If you add "AND ST_Contains(mapextent(), way)" afterwards to each query
and allow only maps with < 1° x 1° or so it could be better, but I
believe it's then also very easy to write long running queries.
(You can test also to work with a timeout[1].)
I saw no way to stop a long running query. That's not good.
Especially beginners will make a lot of errors, experts will perhaps
test their creativity to make "sql-injections"...
Even though I want more people to learn PostGIS, I must say that the
risk this way seems too high to me.
Please have toolserver-roles in mind:
"... 6. You are responsible for the security of all services you
provide, including both third-party software and software of your own
design."
I don't believe that you can check all possible query input.
An option is to put the script behind an .htaccess file and use it only
for yourself.
Greetings Kolossos
[1] http://stackoverflow.com/questions/1175173/jdbc-postgres-query-with-a-tim…
On 08.03.2011 16:47, Thomas Ineichen wrote:
Hi,
a friend of mine programmed a nifty little interface for the OSM-database:
http://toolserver.org/~ti/postgis-terminal/
- Is it ok to run that on a public toolserver-website, as it gives
access to the whole database?
- How can I measure the usage of cpu/memory that the tool produces?
Regards,
Thomas
_______________________________________________
Maps-l mailing list
Maps-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/maps-l
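
The two limits suggested in the reply above (a cap on the map extent and a query timeout), sketched as an added example that is not part of the original thread or of the postgis-terminal tool. `BBox`, `run_guarded`, the 5-second timeout and the row cap are assumptions; `conn` is any DB-API connection to PostgreSQL (for instance psycopg2 with autocommit off).

```python
import math
from dataclasses import dataclass

MAX_EXTENT_DEG = 1.0   # size cap suggested in the reply ("< 1° x 1° or so")
TIMEOUT_MS = 5000      # assumed value; the thread names no number
MAX_ROWS = 1000        # assumed cap on rows handed back to the browser


@dataclass(frozen=True)
class BBox:
    min_lon: float
    min_lat: float
    max_lon: float
    max_lat: float

    def validate(self) -> None:
        vals = (self.min_lon, self.min_lat, self.max_lon, self.max_lat)
        if not all(math.isfinite(v) for v in vals):
            raise ValueError("bbox coordinates must be finite")
        if not (-180 <= self.min_lon < self.max_lon <= 180):
            raise ValueError("longitude out of range or inverted")
        if not (-90 <= self.min_lat < self.max_lat <= 90):
            raise ValueError("latitude out of range or inverted")
        if (self.max_lon - self.min_lon > MAX_EXTENT_DEG
                or self.max_lat - self.min_lat > MAX_EXTENT_DEG):
            raise ValueError("bbox exceeds the allowed map extent")


def run_guarded(conn, user_sql: str, bbox: BBox):
    """Run user_sql with a size-checked map extent, read-only, with a timeout."""
    bbox.validate()          # refuse before anything reaches the server
    cur = conn.cursor()
    try:
        # First statement of the transaction: the server rejects writes.
        cur.execute("SET TRANSACTION READ ONLY")
        # Transaction-local timeout; PostgreSQL cancels the query on expiry.
        cur.execute("SELECT set_config('statement_timeout', %s, true)",
                    (str(TIMEOUT_MS),))
        cur.execute(user_sql)
        return cur.fetchmany(MAX_ROWS)
    finally:
        conn.rollback()      # never commit anything a visitor typed
        cur.close()
```

These limits catch mistakes such as a forgotten bounding box. Because the visitor's text can itself contain `SET` or `COMMIT`, they do not replace a database role restricted to read-only privileges.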