[Mapbender-dev] SLD in 2.5 branch

Michael Schulz mschulz at webgis.de
Thu Apr 10 19:22:13 EDT 2008


regarding the security problems of the sld mechanisms we faced during
the dev-sprint, i updated the sld parts in 2.5 branch with prep
statements and validateSessions checks for all modules. One problem
remains: when providing a remote or local wms with a dynamic sld-url,
this url is called from the wms without login credentials thus this
call would fail. I have therefore extracted the relevant function to a
new module, that does not validate the session
(sld/sld_function_getusersld.php). Christoph, Uli what do you think
about that? My idea of maybe using the owsproxy area is actually of no
use, since the whole owsproxy stuff relies on a session, so this would
get us not far, i think.

Cheers, Michael

Michael Schulz
mschulz at webgis.de

in medias res
Gesellschaft für Informationstechnologie mbH

In den Weihermatten 66
79108 Freiburg

Tel +49 (0)761 556959-5
Fax +49 (0)761 556959-6

http://www.webgis.de / http://www.zopecms.de

More information about the Mapbender_dev mailing list