Thank you Regina, Ben, and Brent for your responses, much appreciated! Your words gave me the help I needed and I'm now moving on towards making my PostGIS Geoportal a reality...but apparently people do this thing called...malicious hacking. And for databases they do it with SQL injection.
So my question is: What kind of security issues do I need to be aware of for my specific use case?

My use case is to allow a user to download shapefiles from a web browser using their own queries as input for pgsql2shp or ogr2ogr. For example, they would access the webpage, write a query in a box (and/or with the help of a cleverly designed interface), and download the built shape file via email when it is ready. I would also like to allow the first 50 rows to be returned to test their query and test the result of the query.

I've checked out:

http://workshops.boundlessgeo.com/postgis-intro/security.html

'sql injection attack and defense' 2nd edition

http://gis.stackexchange.com/questions/76319/what-is-the-most-common-way-of-displaying-geodata-from-postgis-on-leaflet/76324#76324

Thanks!

-Nicholas
