[Mapbender-dev] Public access to Mapbender

[Christoph Baudson]

In the past I have experienced a lot of trouble with demo applications 
that are made public via a user like "demo" and a similar password.

The most annoying problem is, that the account can be disabled by trying 
to log in several times with a wrong password. How about this 
workaround: if the login_count is set to -1 by the owner, the 
login_count would never be incremented in the first place, thus never 
disabling the account. This would be a quick fix.

A more generic solution could include a new column in mb_user, with a 
"public" flag. If this flag was set, you could log in no matter what 
password you supplied (I think it's counter-intuitive to have a password 
for a public user). Maybe Mapbender should be delivered with a default 
public user, to encourage the usage.

A less significant problem is, that you do not know if there are any 
"public" users in a Mapbender installation. You always have to try 
"demo", "guest", "gast", "anonymous" etc. if there is no documentation. 
Maybe the Mapbender server should have this as an API function, or we 
could include it in the portal site.

We should think of a solution, as most installations offer this kind of 
public access.

Christoph

-- 


_______________________________________

W h e r e G r o u p GmbH & Co. KG

Siemensstraße 8
53121 Bonn
Germany

Christoph Baudson
Anwendungsentwickler

Fon: +49 (0)228 / 90 90 38 - 15
Fax: +49 (0)228 / 90 90 38 - 11
christoph.baudson at wheregroup.com
www.wheregroup.com
Amtsgericht Bonn, HRA 6788
_______________________________________

Komplementärin:
WhereGroup Verwaltungs GmbH
vertreten durch:
Olaf Knopp, Peter Stamm
_______________________________________