On Fri, May 16, 2014 at 10:12 PM, Jody Garnett <[email protected]> wrote:

> That seems fine, but we may wish to police the hints we accept and pass
> along. Not sure how open this one is to SQL injection.
>

No need for data store hints, as they are not something an external user can
provide.
For a query-by-query hint that comes from an external request, yes, that
would seem more urgent, but we should not provide a fixed whitelist, as the
list itself can change with the version of the underlying database.
If we take a parallel with parametric SQL views, the values come from the
caller, but the validation regular expression is a configuration given by
the admin.


>
> Do other databases use this approach?
>

Oracle at least.
PostgreSQL is almost always smart enough not to need hints, the policy from
the devs is that if a hint is needed,
then the query planner needs to be fixed.

Cheers
Andrea

-- 
==
Meet us at GEO Business 2014! in London! Visit http://goo.gl/fES3aK
for more information.
==

Ing. Andrea Aime
@geowolf
Technical Lead

GeoSolutions S.A.S.
Via Poggio alle Viti 1187
55054  Massarosa (LU)
Italy
phone: +39 0584 962313
fax: +39 0584 1660272
mob: +39  339 8844549

http://www.geo-solutions.it
http://twitter.com/geosolutions_it
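The validation model discussed in this reply (the hint value comes from the caller, the accepted pattern comes from the admin's configuration, and nothing is hard-coded in the code itself) as an added, stand-alone illustration; this is not GeoTools code and not from this thread. The hint names, the regular expressions, the `/*+ ... */` comment syntax modeled on Oracle's hint style, and the `roads` / `roads_geom_idx` values are constructed assumptions for the example.

```python
import re
from typing import Dict, List, Tuple

# Admin-supplied configuration (constructed for this example): each accepted
# hint name maps to a regular expression that an externally supplied value
# must match in full. Swapping this dictionary is how an admin adapts to a
# different database version; the code below never hard-codes hint names.
HINT_VALIDATORS: Dict[str, str] = {
    "INDEX": r"[A-Za-z_][A-Za-z0-9_]*(\s+[A-Za-z_][A-Za-z0-9_]*)?",
    "PARALLEL": r"[1-9][0-9]?",
    "FULL": r"[A-Za-z_][A-Za-z0-9_]*",
}


class InvalidHintError(ValueError):
    """Raised when a caller-supplied hint is not allowed by the admin config."""


def validate_hint(name: str, value: str,
                  validators: Dict[str, str] = HINT_VALIDATORS) -> Tuple[str, str]:
    """Return (name, value) if the admin configuration accepts it, else raise.

    re.fullmatch is used deliberately: a partial match (re.match / re.search)
    would let extra characters such as a comment terminator ride along after
    an otherwise valid prefix.
    """
    if name not in validators:
        raise InvalidHintError(f"hint {name!r} is not configured by the admin")
    if re.fullmatch(validators[name], value) is None:
        raise InvalidHintError(
            f"value {value!r} does not match the configured pattern for {name}")
    return name, value


def is_accepted(name: str, value: str,
                validators: Dict[str, str] = HINT_VALIDATORS) -> bool:
    """Boolean convenience wrapper around validate_hint."""
    try:
        validate_hint(name, value, validators)
        return True
    except InvalidHintError:
        return False


def build_hint_comment(hints: List[Tuple[str, str]],
                       validators: Dict[str, str] = HINT_VALIDATORS) -> str:
    """Assemble an Oracle-style hint comment from validated (name, value) pairs."""
    parts = [f"{n}({v})" for n, v in
             (validate_hint(name, value, validators) for name, value in hints)]
    return "/*+ " + " ".join(parts) + " */"


def build_query(table: str, hints: List[Tuple[str, str]],
                validators: Dict[str, str] = HINT_VALIDATORS) -> str:
    """Compose the SELECT; `table` is taken from server configuration here,
    not from the request, so only the hints pass through validation."""
    hint = build_hint_comment(hints, validators) + " " if hints else ""
    return f"SELECT {hint}* FROM {table}"


if __name__ == "__main__":
    # Constructed request: one well-formed hint and one the admin did not configure.
    print(build_query("roads", [("INDEX", "roads roads_geom_idx"), ("PARALLEL", "4")]))
    print(is_accepted("NOCACHE", "roads"))            # not configured -> False
    print(is_accepted("INDEX", "roads */ ; anything"))  # fails fullmatch -> False
```

The point of the structure is the split the reply describes: the caller only ever chooses values, the admin owns the patterns, and a hint that is not in the configuration is refused outright rather than checked against a list baked into the code.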

_______________________________________________
GeoTools-Devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geotools-devel