adding support for user authentication within Mapserver for GetCapabilities and GetMap

Sean Gillies sgillies at FRII.COM
Fri Aug 31 17:08:43 EDT 2007


No, Tom. This is bad practice. An anti-pattern. Best practice is to use 
your web server's authentication and authorization systems. They are 
developed by people who have multi-million dollar businesses on the 
line, are well tested, and performant.

Sean

Kralidis,Tom [Burlington] wrote:
> In addition, one can use mapscript WxS to intercept a request and, say,
> authenticate and process accordingly.
>
> Check out http://www.geoxacml.org as an OGC-ish way extending the OASIS
> XACML spec.
>
> ..Tom
>
> 
> ________________________________
> 
> From: UMN MapServer Users List on behalf of Gregor Mosheh
> Sent: Fri 31-Aug-07 14:58
> To: MAPSERVER-USERS at LISTS.UMN.EDU
> Subject: Re: [UMN_MAPSERVER-USERS] adding support for user
> authentication within Mapserver for GetCapabilities and GetMap
> 
> 
> 
> John Mitchell wrote:
>> How would I add support for user authentication within Mapserver for
>> GetCapabilities and GetMap?
> 
> Sean's answer is basically right: You don't. Security is the webserver's
> job, and not Mapserver's. In fact, none of the OGC WxS standards
> supports security; they assume that the webserver has already done such
> things before calling the application.
> 
> You would have to password protect the mapserv binary or the cgi-bin
> directory which houses it, not just the one app nor just those functions
> or layers.
> 
> I have often wondered why the OGC standards left out such a basic
> concept as access control. Mysteries of the universe.
> 
> --
> Gregor Mosheh / Greg Allensworth
> System Administrator, HostGIS cartographic development & hosting
> services
> http://www.HostGIS.com/
> 
> "Remember that no one cares if you can back up,
>   only if you can restore." - AMANDA
> 
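
Added example, not part of the original thread or of MapServer's own documentation: one way to follow the advice above with Apache httpd 2.4, password-protecting the mapserv CGI at the web server so that GetCapabilities and GetMap are both covered. The URL path, realm name and password-file location are assumptions.

```apache
# Added example; paths and names are assumed, adjust to the local install.
# Needs mod_auth_basic, mod_authn_file, mod_authz_user and mod_ssl loaded.

# Every WMS operation (GetCapabilities, GetMap, ...) is a request to the same
# CGI URL, selected by the REQUEST= query parameter, so protecting the URL
# protects all of them at once.
<Location "/cgi-bin/mapserv">
    # Basic auth sends the password base64-encoded, not encrypted,
    # so refuse any request that did not arrive over TLS.
    SSLRequireSSL

    AuthType Basic
    AuthName "MapServer WMS"
    AuthBasicProvider file
    # Assumed location; keep this file outside the document root.
    AuthUserFile "/etc/apache2/mapserv.htpasswd"
    Require valid-user
</Location>
```

The password file can be created with `htpasswd -c /etc/apache2/mapserv.htpasswd <username>`. As the quoted reply notes, this guards the whole mapserv endpoint rather than individual layers or operations.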


