Experiment PostGIS non prepared statement config use prep. statement syntax without server side prepare
-------------------------------------------------------------------------------------------------------

Key: GEOT-3188
URL: http://jira.codehaus.org/browse/GEOT-3188
Project: GeoTools
Issue Type: Improvement
Components: data jdbc-ng
Affects Versions: 2.7-M1
Reporter: Andrea Aime
Assignee: Andrea Aime
Fix For: 2.7-RC1

The non prepared statement path is well known to be faster when retrieving large amounts of data (due to the server actually checking the query parameter values in planning the execution), but more vulnerable to SQL injection attacks.

The JDBC driver has an option to set the number of times a prepared statement has to be used before being actually turned into a server prepared one:
http://jdbc.postgresql.org/documentation/84/server-prepare.html

According to http://jdbc.postgresql.org/documentation/publicapi/org/postgresql/PGStatement.html#setPrepareThreshold%28int%29 setting it to 0 will disable server side prepare, but it should keep the prepared statement safety.

Something we might want to try out.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

_______________________________________________
Geotools-devel mailing list
Geotools-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geotools-devel
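
Added illustration (not part of the original message and not GeoTools code): the per-statement setting discussed in the issue, tried directly against the PostgreSQL JDBC driver. The PG_URL, PG_USER and PG_PASSWORD environment variables and the "roads" table with its "name" column are assumptions made for this example.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import org.postgresql.PGStatement;

public class PrepareThresholdZero {
    public static void main(String[] args) throws SQLException {
        // Assumption: connection details come from the environment; the
        // "roads" table and its "name" column are hypothetical.
        String url = System.getenv("PG_URL");   // e.g. jdbc:postgresql://localhost/gis
        String user = System.getenv("PG_USER");
        String pass = System.getenv("PG_PASSWORD");

        try (Connection cx = DriverManager.getConnection(url, user, pass);
             PreparedStatement ps = cx.prepareStatement(
                     "SELECT count(*) FROM roads WHERE name = ?")) {

            // 0 = never promote this statement to a server-side prepared one.
            // Older driver builds without unwrap() support need a cast:
            // ((PGStatement) ps).setPrepareThreshold(0);
            PGStatement pg = ps.unwrap(PGStatement.class);
            pg.setPrepareThreshold(0);

            // In the driver's default (extended) query mode the values are
            // still sent as bind parameters, so the quote in the second
            // name is treated as data and never as SQL text.
            String[] names = { "Main Street", "O'Brien Road", "Main Street" };
            for (String name : names) {
                ps.setString(1, name);
                try (ResultSet rs = ps.executeQuery()) {
                    rs.next();
                    // isUseServerPrepare() reports whether the next execution
                    // would use a named server-side statement.
                    System.out.printf("%-14s rows=%d serverPrepare=%b%n",
                            name, rs.getLong(1), pg.isUseServerPrepare());
                }
            }
        }
    }
}
```

The same threshold can be applied to every statement on a connection with the driver's prepareThreshold connection parameter (for example by appending ?prepareThreshold=0 to the JDBC URL).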