Hi all,
I’m building a web map that collects some simple GeoJSON from user-drawn polygons and I’m trying to devise a method to send out and store that data. Would it be a bad idea to use GeoServer’s REST api to push an entry to a database, or would this possibly expose a security vulnerability? Is there a way to configure an authentication filter to only allow a user write access to a database table (via html form), and forbid any other CRUD operations? Unfortunately, I’m forced to build everything using front-end tech, so I’m trying to find a solution using Javascript/AJAX. Thank you all very much.
Best,
Todd
Hi Todd
Saving feature data to GeoServer is exactly the sort of thing WFS-T is intended for - see here for details.
Combining this with GeoServer’s standard security model should allow you to update database records in a secure fashion.
Also note that the GoeServer REST api does not provide any way of accessing or modifying database records.
Torben
···
On Tue, Jun 5, 2018 at 12:44 PM, Todd Jacobus <tj@anonymised.com> wrote:
Hi all,
I’m building a web map that collects some simple GeoJSON from user-drawn polygons and I’m trying to devise a method to send out and store that data. Would it be a bad idea to use GeoServer’s REST api to push an entry to a database, or would this possibly expose a security vulnerability? Is there a way to configure an authentication filter to only allow a user write access to a database table (via html form), and forbid any other CRUD operations? Unfortunately, I’m forced to build everything using front-end tech, so I’m trying to find a solution using Javascript/AJAX. Thank you all very much.
Best,
Todd
Check out the vibrant tech community on one of the world’s most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this list:
If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
Geoserver-users@anonymised.com.382…sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users
Hi Torben,
Thank you very much for your reply! WFS-T was not known to me, but seems exactly what I’m looking for. Much appreciated!
Todd
···
On Tue, Jun 5, 2018 at 2:48 PM, Torben Barsballe <tbarsballe@anonymised.com> wrote:
Hi Todd
Saving feature data to GeoServer is exactly the sort of thing WFS-T is intended for - see here for details.
Combining this with GeoServer’s standard security model should allow you to update database records in a secure fashion.
Also note that the GoeServer REST api does not provide any way of accessing or modifying database records.
Torben
On Tue, Jun 5, 2018 at 12:44 PM, Todd Jacobus <tj@anonymised.com814…> wrote:
Hi all,
I’m building a web map that collects some simple GeoJSON from user-drawn polygons and I’m trying to devise a method to send out and store that data. Would it be a bad idea to use GeoServer’s REST api to push an entry to a database, or would this possibly expose a security vulnerability? Is there a way to configure an authentication filter to only allow a user write access to a database table (via html form), and forbid any other CRUD operations? Unfortunately, I’m forced to build everything using front-end tech, so I’m trying to find a solution using Javascript/AJAX. Thank you all very much.
Best,
Todd
Check out the vibrant tech community on one of the world’s most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Geoserver-users mailing list
Please make sure you read the following two resources before posting to this list:
If you want to request a feature or an improvement, also see this: https://github.com/geoserver/geoserver/wiki/Successfully-requesting-and-integrating-new-features-and-improvements-in-GeoServer
Geoserver-users@anonymised.comrge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users