Open calvinmetcalf opened 7 years ago
calvinmetcalf
commented
7 years ago Also I mentioned security about sqlite based formats on twitter, I don't have anything concrete but my security scene is tingling, a database, that can have stored procedures feels an awfully lot like a program that executes code which is not something I'd really trust coming from somebody I don't trust.
kannes
commented
7 years ago Sqlite has no stored procedures.
calvinmetcalf
commented
7 years ago yeah true, though they do have triggers which is what I was thinking of as it can act similarly
pepijnve
commented
7 years ago though they do have triggers which is what I was thinking of as it can act similarly
Any particular concerns here? The amount of damage a SQL trigger can do is fairly limited. Worst thing I can think of is that you attach an additional database and a trigger happens to do destructive writes in a table of that attached database. The main caveat of course is that if you've exposed dangerous functions to the SQL engine (e.g., Spatialite's blobtofile) those might get called by triggers as well.
calvinmetcalf
commented
7 years ago you could write a lot of data to the current or other database, the other database could have important stuff (aren't passwords sometimes stored in sqlite database) which would be bad to be overwritten.
astrojuanlu
commented
5 months ago What about GeoParquet? #52
kannes
commented
5 months ago What about GeoParquet? #52
Not a good format (at least with current tooling) if editing is important.
And that's good! one of the issues with shapefiles is that it tried to be all things to all men, so instead we can recommend different formats for different things
data interchange
For making data available and sending it places geojson, csv, kml and gml fill that role, with geojson being the leading one, csv used for super simple point data, and gml used for more complex stuff that geojson can't handle, with geojson being the recommendation for most stuff because 99% of users aren't going to have data that needs gml.
data editing
This is where geopackage, file geodatabase, and spatialite come in, and this is going to honestly depend on what software you are using, file geodatabase is probably a good choice if you're editing in ESRI and geopackage or spatialite would be a great choice for non esri world, just don't post them online when making your data available, post it as geojson.