[Mapbender-dev] idea: http_digest_authentication to secure services in mapbender registries

Christoph Baudson christoph.baudson at wheregroup.com
Tue Aug 11 03:00:02 EDT 2009 

We addressed your idea at yesterday's IRC meeting. We decided to discuss 
it in more detail at next week's meeting, when we have had time to prepare.

Thanks for your input

Christoph

Armin Retterath schrieb:
> hello,
>
> we plan to extent mapbenders owsproxy function to support http_digest 
> authentication (http://www.ietf.org/rfc/rfc2617.txt) too.  with this 
> possibility and the use of https we can make a relativ secure connection 
> between different mapbender installations or between mapbender and clients 
> who support the http_digest authentication. we think, it will be easy to 
> extent clients to support the http_digest. one critical performance problem  
> will be, that mapbender must control the authorization at every getmap, 
> getfeatureinfo, getlegendgraphics and getcap request. this maybe solved by 
> caching the authorization info in an indexed version (lucene or textfile). 
> for supporting the http_digest, we have to store the digest (md5
> ('username:realm:password')) in the mb_user table. this hash must be updated 
> every time the username or the password changes (cannot be done by db 
> trigger, cause the password is stored as md5 hash in the mb_user table).
> for the mapbender http_digest client side the wms table has to be extented for 
> username and digest columns. when someone upload a http_digest secured wms he 
> has to give a username and a password which will be used to create the 
> secured connection to this service (by the use of curl). the viewing of such 
> a service can only be done by using the mapbender owsproxy. 
> this is the idea and should be realized until end of september.
> any ideas or suggestions to this are welcome. please send them to the 
> dev-list.
>
> regards
> armin
>  
>
>   


-- 
----------------------------------

Aufwind durch Wissen!

Qualifizierte OpenSource-Schulungen
bei der www.foss-academy.eu

---------------------------------- 

_______________________________________

W h e r e G r o u p GmbH & Co. KG

Siemensstraße 8
53121 Bonn
Germany

Christoph Baudson
Anwendungsentwickler

Fon: +49 (0)228 / 90 90 38 - 15
Fax: +49 (0)228 / 90 90 38 - 11
christoph.baudson at wheregroup.com
www.wheregroup.com
Amtsgericht Bonn, HRA 6788
_______________________________________

Komplementärin:
WhereGroup Verwaltungs GmbH
vertreten durch:
Olaf Knopp, Peter Stamm
_______________________________________

More information about the Mapbender_dev mailing list