Hello, it looks like harakiri to let this run on toolserver. Please have in mind that we use this server as productive system to bring content into wikipedia.
If you don't use a BBOX the query will run very long because it scans the whole database. If you add "AND ST_Contains(mapextent(), way)" afterwards to each query and allows only maps with < 1° x 1° or so it could be better but I believe it's also than very easy to write long running queries. (You can test also to work with a timeout[1].) I saw no way to stop a long running query. That's not good. Especially beginners will make a lot of errors, experts will perhaps test there creativity to make "sql-injections"... Also if I want that more people learn PostGIS, but i must say that the risk on this way seems me too high. Please have toolserver-roles in mind: "... 6. You are responsible for the security of all services you provide, including both third-party software and software of your own design." I don't believe that you can check all possible query input. An option is to put the script behind an .htaccess-file and use it only for your own. Greetings Kolossos [1]http://stackoverflow.com/questions/1175173/jdbc-postgres-query-with-a-timeout Am 08.03.2011 16:47, schrieb Thomas Ineichen: > Hi, > > a friend of mine programmed a nifty little interface for the OSM-database: > > http://toolserver.org/~ti/postgis-terminal/ > > - Is it ok to run that on a public toolserver-website, as it gives > access to the whole database? > - How can I measure the usage of cpu/memory that the tool produces? > > > Regards, > Thomas > > _______________________________________________ > Maps-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/maps-l > _______________________________________________ Maps-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/maps-l
