WMS Access Control
Ed McNierney
ed at TOPOZONE.COM
Sun Mar 6 21:05:30 EST 2005
Tom -
Not really, mainly because of the lack of authentication user interface
support on the client side. You could, for example, configure your Web
server to require Basic (username/password) authentication for access to
the MapServer CGI. That's the easy part. The problem is that the
client software needs an interface to let users type in that username
and password, and there isn't really any support for that.
With Basic authentication, the user could provide that information as
part of the URL pointing to the server:
http://username:password@www.yourdomain.com/cgi-bin/mapserv?......
That's fine (and will work), but at that point there's really nothing
very special or secure about that username and password. They're just
part of the plaintext URL string. You could also set up a Web server
to create virtual directories for users, so each user would connect to:
http://www.yourdomain.com/username/cgi-bin/mapserv?.....
And you'd end up doing just the same thing, only without using
"authentication" to do it.
I am not aware of any support in popular GIS client applications for the
more secure forms of HTTP authentication. That's the REAL problem.
- Ed
Ed McNierney
TopoZone.com
-----Original Message-----
From: UMN MapServer Users List [mailto:MAPSERVER-USERS at LISTS.UMN.EDU] On
Behalf Of Tom Bartlett
Sent: Sunday, March 06, 2005 6:45 PM
To: MAPSERVER-USERS at LISTS.UMN.EDU
Subject: [UMN_MAPSERVER-USERS] WMS Access Control
Hi All,
Is there any way to control access to a mapserver WMS thought clients
such as ArcGIS or MapInfo? I don't need to restrict access to
specific layers.... its more about confirm users with a username and
password?
Regards
Tom
More information about the mapserver-users
mailing list