[Geoserver-devel] Improved performance and JAI docs, can someone check?

Hi all,
I've tried to improve the pages about running Geoserver
in a production environment from the perspective of
performance and JAI.

Can someone have a look at them?
http://docs.codehaus.org/display/GEOSDOC/GeoServer+in+Production+Environment
http://docs.codehaus.org/display/GEOSDOC/Dealing+with+native+JAI

Cheers
Andrea

On Tuesday 03 April 2007 14:54, Andrea Aime wrote:

Hi all,
I've tried to improve the pages about running Geoserver
in a production environment from the perspective of
performance and JAI.

Can someone have a look at them?
http://docs.codehaus.org/display/GEOSDOC/GeoServer+in+Production+Environment

this one looks good. The only thing I kept wondering about after reading it is
if geoserver is ready to be ran with a Java 6 JDK, as it only mentions a
newer jdk but I'm not sure if geotools fixed its problems with it?

http://docs.codehaus.org/display/GEOSDOC/Dealing+with+native+JAI

oh, I see the jdk6 thing is mentioned on this one though...
it is pretty complete and well documented as far as I can tell.
The thing that caught my attention is the sql injection thing, which, tough a
geotools datastore issue, I guess we never adressed after all? The thing is
the sql unpacer producing full sql statements instead of using parameterized
PreparedStatements afaik.
Should we set the alarm on on jdbc datastore implementors?

cheers and thanks for the good documentation Andrea.

Gabriel

Cheers
Andrea

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share
your opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

http://docs.codehaus.org/display/GEOSDOC/Dealing+with+native+JAI

oh, I see the jdk6 thing is mentioned on this one though...
it is pretty complete and well documented as far as I can tell.
The thing that caught my attention is the sql injection thing, which, tough a geotools datastore issue, I guess we never adressed after all? The thing is the sql unpacer producing full sql statements instead of using parameterized PreparedStatements afaik.
Should we set the alarm on on jdbc datastore implementors?

Justin I believe has patches for trunk, the latest jira says they're awaiting review: http://jira.codehaus.org/browse/GEOT-219

The plan is to have it fixed for 1.6.0. Note though that this kind of sql injection does not affect oracle. I'm not sure about db2 and mysql.

Chris

cheers and thanks for the good documentation Andrea.

Gabriel

Cheers
Andrea

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share
your opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

--
Chris Holmes
The Open Planning Project
http://topp.openplans.org

Gabriel Roldán ha scritto:

On Tuesday 03 April 2007 14:54, Andrea Aime wrote:

Hi all,
I've tried to improve the pages about running Geoserver
in a production environment from the perspective of
performance and JAI.

Can someone have a look at them?
http://docs.codehaus.org/display/GEOSDOC/GeoServer+in+Production+Environment

this one looks good. The only thing I kept wondering about after reading it is if geoserver is ready to be ran with a Java 6 JDK, as it only mentions a newer jdk but I'm not sure if geotools fixed its problems with it?

It runs ok in my limited tests.
Afaik, all the issues in Geotools are due either to compilation problems
(that we don't see at runtime) or to wrong assumptions in the unit tests.

http://docs.codehaus.org/display/GEOSDOC/Dealing+with+native+JAI

oh, I see the jdk6 thing is mentioned on this one though...
it is pretty complete and well documented as far as I can tell.
The thing that caught my attention is the sql injection thing, which, tough a geotools datastore issue, I guess we never adressed after all? The thing is the sql unpacer producing full sql statements instead of using parameterized PreparedStatements afaik.
Should we set the alarm on on jdbc datastore implementors?

Indeed we should. The only datastore I know of using prepared statements for good is Oracle. There is a TODO in the JDBCTextFeatureWriter code
that forwards to http://jira.codehaus.org/browse/GEOT-219, which is old and, sadly, still open.

Postgis feature writer used to use prepared statements too according to one of my comments, but I checked now, and it does not seem to be the case anymore...
Cc'ing geotools devel too.

Cheers
Andrea

The plan is to have it fixed for 1.6.0. Note though that this kind of
sql injection does not affect oracle. I'm not sure about db2 and mysql.

Yeah the code is all ready to go, when I asked for review I was asked to
determine how this would affect performance of the datastore. I just
havent gotten around to coming up with those numbers.

Chris

cheers and thanks for the good documentation Andrea.

Gabriel

Cheers
Andrea

-------------------------------------------------------------------------

Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share
your opinions on IT & business topics through brief surveys-and earn
cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to
share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

------------------------------------------------------------------------

_______________________________________________
Geoserver-devel mailing list
Geoserver-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-devel

--
Justin Deoliveira
The Open Planning Project
jdeolive@anonymised.com