Even better: use solution 3, but create a view on the database and query the view instead. I'm not sure if it can be done it but I guess that a malicious user could trick mapserver and add a filter like ' OR 1=1 ' and in that case ALL features (including GROFT) will be shown.
HTH, Umberto On Fri, Jan 13, 2012 at 1:09 AM, Gabe Codina <[email protected]> wrote: > We do something similar here is how we implement your solution 3**** > > ** ** > > CONNECTIONTYPE PLUGIN**** > > PLUGIN ".\msplugin_mssql2008.dll"**** > > CONNECTION > "server=SERVER\MSSQL;uid=USERID;pwd=PASSWORD;database=DATABASE;Integrated > Security=false"**** > > DATA "gExtent FROM (SELECT * FROM tm_points WHERE type!=’GRØFT’)AS > FOO USING UNIQUE [iId] USING SRID=4326"**** > > ** ** > > ** ** > > Note the connection string needs to access your MSSQL Instance and the > plugin dll must be available the format of the data statement lets you put > quite a complex SQL statement inside the ()s.**** > > ** ** > > Gabe Codina**** > > ** ** > > ** ** > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Hawk AA > *Sent:* Friday, 13 January 2012 3:24 AM > *To:* [email protected] > *Subject:* [mapserver-users] Mapserver Layer Filter**** > > ** ** > > Hi there, Mailing List,**** > > ** ** > > We have a customer that wants their maps to be published online, but some > of the features is confidential and should not be displayed.**** > > ** ** > > We have added following to the layer definition:**** > > FILTER ('[type]' != "GRØFT ")**** > > It works, the features with type GRØFT are not showed in the map.**** > > ** ** > > However, we have a window that let the user browse the data, and it will > be possible to access the features of type GRØFT. When you press “show in > map”, the JavaScript clients triggers a WFS request with a filter asking > for elements with the current ID. By doing this, WFS omits the LAYER FILTER > definition, so the element can be showed in the map, even if it is of type > GRØFT. I need a way to make sure the WFS can’t deliver any data of type > GRØFT.**** > > ** ** > > I’ve seen three possible solutions:**** > > **1. **We have a service that automatically converts uploaded > MapInfo *.TAB-files to SHP. If I am correct, I could use the > “-where”-argument on the ogr2ogr to filter data and only get features which > does not have type GRØFT. I hope I do not have to do this, since debugging > and developing a windows service is quite tricky.**** > > **2. **Add additional filter values to the WFS query. I could also > define the types not to show in the JavaScript, and let the application > automatically add <PropertyIsNotEqualTo>-tags to the AJAX query. This would > be less secure, and I need to define types not to show at two places.**** > > **3. **The best solution in my eyes is to let the magic happen in > the MAP-file, and that is mostly why I am posting here. Is there a way to > add a query to the Layer Data definition, like you do if you are querying a > MSSQL database? I can imagine a syntax like this: > CONNECTIONTYPE OGR > CONNECTION "TM_Nett/TM_Points" > DATA "SELECT * FROM tm_points WHERE type!=’GRØFT’” > It does not seem to work.**** > > ** ** > > Any suggestions, especially regarding the third solution?**** > > ** ** > > Best regards,**** > > Håkon Åmdal**** > > ** ** > > ** ** > > _______________________________________________ > mapserver-users mailing list > [email protected] > http://lists.osgeo.org/mailman/listinfo/mapserver-users > >
_______________________________________________ mapserver-users mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/mapserver-users
