[mapguide-users] Security on layers or featureSource
James Card
James.Card at calcad.com
Wed Nov 7 11:00:51 EST 2007
On Wed, 07 Nov 2007 01:37:47 -0800, Bruno Scott <bscott at geomapgis.com>
wrote:
> Actually when we set a no access permission on a layer definition for a
> given user and we open the map referencing this layer (using the same
> user ) we got this message :
>
> Permission denied to resource:
> Library://Samples/Sheboygan/Layers/Districts.LayerDefinition
And, when this happens the user gets no map at all, only the error
message. What _should_ happen is that the server should log the error
message but send the map with all other valid layers to the user with no
indication of the "missing" layer(s). The current system leaks potentially
sensitive information (the layer names of restricted layers) to the user.
I too expected to be able to just assign permissions to the layers (or any
other object) and have the server transparently return only what was
permitted for that user. Perhaps we need to submit an enhancement request?
although I tend to think of the current behavior as a bug.
--
James Card
209-578-5580
More information about the mapguide-users
mailing list