[mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes

Lime, Steve D (MNIT) Steve.Lime at state.mn.us
Mon Jan 6 06:39:01 PST 2014 

You can also encrypt the database password using MapServer utilities. I do the following:

  - store the mapfiles outside web htdocs directory
  - encrypt database passwords (if in a shared hosting environment)
  - use webserver environment variables to reference mapfiles... this obfuscates your file system setup and makes your setup more portable since you reference the environment variable and not the file directly

Steve
________________________________________
From: mapserver-users-bounces at lists.osgeo.org [mapserver-users-bounces at lists.osgeo.org] on behalf of Håvard Tveite [havard.tveite at nmbu.no]
Sent: Monday, January 06, 2014 4:58 AM
To: mapserver-users at lists.osgeo.org
Subject: Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes

Your MAP file does not have to be visible to / readable by
the web server, but it must be visible to Mapserver (mapserv).

Håvard

On 1/6/2014 10:16 AM, Stefan Schwarzer wrote:
> Hi there,
>
> I am wondering how to deal with the CONNECTION information in the .MAP which is used for WMS requests. As the .MAP file must be visible and is readable, the CONNECTION information for my database is readable too.
>
>           # Layers definition ---------------------
>           LAYER
>               NAME wilderness_areas_po
>                       METADATA
>                               'wcs_label'           'Wilderness Areas'
>                               'wcs_rangeset_name'   'test'
>                               'wcs_rangeset_label'  'test label'
>                       END
>               TYPE RASTER
>               STATUS OFF
>               DATA wilderness_areas_po
>               CONNECTIONTYPE postgis
>               CONNECTION 'user=my_username password=my_password dbname=my_database'
>               PROJECTION
>                   'init=epsg:4326'
>               END
>               END
>
>
> Either I would then need to create a very simple user for that case which really only can read the data, or I should hide the file in a directory which is not readable by a webuser. But I guess that Mapserver wouldn't like that.
>
> What are your recommendations?
>
> Thanks for any hints.
>
> Stefan



--
Håvard Tveite
Department of Mathematical Sciences and Technology, NMBU
Drøbakveien 31, POBox 5003, N-1432 Ås, NORWAY
Phone: +47 64965483 Fax: +47 64965401 http://www.nmbu.no/imt/
_______________________________________________
mapserver-users mailing list
mapserver-users at lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapserver-users

More information about the mapserver-users mailing list