<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>Securing MAP files.</TITLE>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.2900.3020" name=GENERATOR></HEAD>
<BODY>
<DIV dir=ltr align=left><SPAN class=154521103-08022007><FONT face=Arial
color=#0000ff size=2>Ian,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=154521103-08022007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=154521103-08022007><FONT face=Arial
color=#0000ff size=2>Your mapfiles need not be accessible by HTTP in order for
your PHP programs to run them, if you know what I mean. They don't have to be
public access, in a web-aliased folder. If they are available by HTTP (if they
need to be), then use basic Apache authentication (e.g. <A
href="http://httpd.apache.org/docs/1.3/howto/auth.html">http://httpd.apache.org/docs/1.3/howto/auth.html</A>).</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=154521103-08022007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=154521103-08022007><FONT face=Arial
color=#0000ff size=2>If, on the other hand, you want your application to only
use certain mapfiles, you can use that same authentication, and then pick up the
username in PHP, with this server-variable:</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=154521103-08022007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=154521103-08022007><FONT face=Arial
color=#0000ff size=2>$_SERVER['REDIRECT_REMOTE_USER'])</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=154521103-08022007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=154521103-08022007><FONT face=Arial
color=#0000ff size=2>You can then make your application behave differently on
the basis of this username. For example, see:</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=154521103-08022007><FONT face=Arial
color=#0000ff size=2><A
href="http://lists.maptools.org/pipermail/chameleon/2005-September/002992.html">http://lists.maptools.org/pipermail/chameleon/2005-September/002992.html</A></FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=154521103-08022007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=154521103-08022007><FONT face=Arial
color=#0000ff size=2>regards,</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=154521103-08022007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=154521103-08022007><FONT face=Arial
color=#0000ff size=2>Jacob</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=154521103-08022007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV><BR>
<BLOCKQUOTE
style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px solid; MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> UMN MapServer Users List
[mailto:MAPSERVER-USERS@LISTS.UMN.EDU] <B>On Behalf Of </B>Ian
Tidy<BR><B>Sent:</B> 8 February 2007 10:21<BR><B>To:</B>
MAPSERVER-USERS@LISTS.UMN.EDU<BR><B>Subject:</B> [UMN_MAPSERVER-USERS]
Securing MAP files.<BR></FONT><BR></DIV>
<DIV></DIV><!-- Converted from text/rtf format -->
<P><FONT face=Arial size=2>Hi All,</FONT> </P>
<P><FONT face=Arial size=2>I am in the process of setting up MapServer, and we
want to control users access to specific MAP files. The map files are
all accessed through the same PHP page. Some MAP files will be for
general use, whilst others would need a user name and password.</FONT></P>
<P><FONT face=Arial size=2>I am running an Ubuntu Linux Server.</FONT> </P>
<P><FONT face=Arial size=2>Any ideas on how I can achieve this?</FONT> </P>
<P><FONT face=Arial size=2>Cheers Ian</FONT> <BR><SPAN lang=en-nz><FONT
face="Microsoft Sans Serif" size=2>______________________</FONT><FONT
face="Times New Roman"><BR><B></B></FONT><B><FONT face=Georgia>Ian
Tidy</FONT></B><FONT face="Times New Roman"><BR></FONT><B></B><B><FONT
face=Georgia size=2>GIS Administrator</FONT></B><FONT
face="Times New Roman"><BR></FONT><FONT face=Georgia size=2>Works Asset
Department</FONT><FONT face="Times New Roman"><BR></FONT><FONT face=Georgia
size=2>Napier City Council</FONT><FONT face="Times New Roman"><BR></FONT><FONT
face=Georgia size=2>Hastings St, Private Bag 6010, Napier, New
Zealand</FONT><FONT face="Times New Roman"><BR></FONT><B></B><B><FONT
face=Georgia size=2>Phone +64-6-835-7579 Ext. 8115</FONT></B><FONT
face="Times New Roman"><BR></FONT><FONT face=Georgia size=2>Fax
+64-6-834-4195</FONT><FONT face="Times New Roman"><BR></FONT></SPAN><A
href="mailto:iant@napier.govt.nz"><SPAN lang=en-nz><U><FONT face=Georgia
color=#0000ff size=2>mailto:iant@napier.govt.nz</FONT></U></SPAN></A><SPAN
lang=en-nz><BR></SPAN><A href="http://www.napier.govt.nz"><SPAN
lang=en-nz><U><FONT face=Georgia color=#0000ff
size=2>http://www.napier.govt.nz</FONT></U></SPAN></A><SPAN lang=en-nz><FONT
face="Times New Roman"> </FONT></SPAN></P><BR><BR>
<HR>
This e-mail message has been scanned for Viruses and Content and cleared by
<FONT color=#400080><STRONG>MailMarshal </STRONG></FONT>
<HR>
######################################################################<BR>Attention:
<BR>This e-mail message and accompanying data may contain information
that<BR>is confidential and subject to legal privilege. Any
information<BR>provided is given in good faith. However unless specifically
stated to<BR>the contrary, Napier City Council accepts no liability for
the<BR>content of this e-mail or for the consequences of any action taken
on<BR>the basis of the information provided, unless that information
is<BR>subsequently confirmed in writing. If you are not the intended
recipient,<BR>you are notified that any use, dissemination, distribution or
copying<BR>of this message or data is prohibited. If you received this
e-mail<BR>message in error, please notify us immediately and erase all
copies<BR>of this message and attachments. Thank you.
</BLOCKQUOTE></BODY></HTML>