[mapserver-commits] r7499 - trunk/docs/references/utilityreference

svn at osgeo.org svn at osgeo.org
Mon Apr 7 13:46:09 EDT 2008


Author: jmckenna
Date: 2008-04-07 13:46:09 -0400 (Mon, 07 Apr 2008)
New Revision: 7499

Modified:
   trunk/docs/references/utilityreference/msencrypt.txt
Log:
update to include examples, from the MapServer User's Manual

Modified: trunk/docs/references/utilityreference/msencrypt.txt
===================================================================
--- trunk/docs/references/utilityreference/msencrypt.txt	2008-04-05 20:40:00 UTC (rev 7498)
+++ trunk/docs/references/utilityreference/msencrypt.txt	2008-04-07 17:46:09 UTC (rev 7499)
@@ -1,13 +1,110 @@
-:Purpose: Used to create an encryption key or to encrypt portions of connection strings for use in mapfiles (added in v4.10, see MS-RFC-18)
+:Purpose:
+  Used to create an encryption key or to encrypt portions of connection strings for 
+  use in mapfiles (added in v4.10) .  Typically you might want to encrypt portions of 
+  the CONNECTION parameter for a database connection.  The following CONNECTIONTYPEs 
+  are supported for using this encryption method:
+
+  ::
   
-:Syntax: 
+    OGR
+    Oracle Spatial
+    PostGIS
+    SDE
 
+:Syntax:
   To create a new encryption key:
-  :: 
-
+  
+  ::
+  
     msencrypt -keygen [key_filename]
-
+    
   To encrypt a string:
+  
   ::
+  
+    msencrypt -key [key_filename] [string_to_encrypt]
 
-    msencrypt -key [key_filename] [string_to_encrypt]
+:Use in Mapfile:
+  The location of the encryption key can be specified by two mechanisms, either by 
+  setting the environment variable MS_ENCRYPTION_KEY or using a CONFIG directive 
+  in the MAP object of your mapfile.  For example: 
+  
+  ::
+  
+	CONFIG MS_ENCRYPTION_KEY "/path/to/mykey.txt"
+	
+  Use the { and } characters as delimiters for encrypted strings inside database 
+  CONNECTIONs in your mapfile.  For example: 
+  
+  ::
+  
+	CONNECTIONTYPE ORACLESPATIAL
+	CONNECTION "user/{MIIBugIBAAKBgQCP0Yj+Seh8==}@service"
+	
+:Example:
+  (note: the following PostGIS example requires at least MapServer 5.0.3 or 5.2)  
+  Let's say we have a LAYER that uses a POSTGIS connection as follows:
+  
+  ::
+  
+    LAYER
+      NAME "provinces"
+      TYPE POLYGON
+      CONNECTIONTYPE POSTGIS
+      CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password=iluvyou18 port=5432"
+      DATA "the_geom FROM province using SRID=42304"
+      STATUS DEFAULT
+      CLASS
+        NAME "Countries"
+        COLOR 255 0 0
+      END
+    END
+    
+  Here are the steps to encrypt the password in the above connection:
+  
+  1.Generate an encryption key (note that this key should not be stored anywhere within 
+    your web server's accessible directories):
+   
+    ::
+    
+      msencrypt -keygen "E:\temp\mykey.txt"
+
+    And this generated key file might contain something like: 
+    
+    ::
+    
+      2137FEFDB5611448738D9FBB1DC59055
+      
+  2.Encrypt the connection's password using that generated key:
+
+    ::
+    
+      msencrypt -key "E:\temp\mykey.txt" "iluvyou18"
+
+    Which returns the password encrypted, at the commandline (you'll 
+    use it in a second):
+
+    ::
+    
+      3656026A23DBAFC04C402EDFAB7CE714
+
+  3.Edit the mapfile to make sure the 'mykey.txt' can be found, using the 
+    "MS_ENCRYPTION_KEY" environment variable.  The CONFIG parameter inside the 
+    MAP object can be used to set an environment variable inside a mapfile:
+
+    ::
+    
+      MAP
+        ...
+        CONFIG "MS_ENCRYPTION_KEY" "E:/temp/mykey.txt"
+        ...
+      END #mapfile
+      
+  4.Modify the layer's CONNECTION to use the generated password key, 
+    making sure to use the “{}” brackets around the key:
+    
+    ::
+    
+      CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password={3656026A23DBAFC04C402EDFAB7CE714} port=5432"
+ 
+  5.Done!  Give your new encrypted mapfile a try with the shp2img utility!



More information about the mapserver-commits mailing list