[gdal-dev] OGC services and credentials

Michał Kowalczuk michkowalczuk at gmail.com
Tue Oct 29 07:30:04 PDT 2024 

Dear Laurentiu,
I don't use command line tools. I use GDAL API. I only used them here to
show the problem.
For similar reasons I wouldn't even like to use global configuration
options :-)
In my opinion, the most clean way to do it is to hide credentials in
dataset instance.

Michał

wt., 29 paź 2024 o 15:18 Laurențiu Nicola via gdal-dev <
gdal-dev at lists.osgeo.org> napisał(a):

> Hi,
>
> It's unlikely to be a problem for you, but credential passing via
> command-line arguments is considered an anti-pattern because they're
> visible by other users who might be looking at the running process list.
> Environment variables are better because other users can't inspect them.
>
> Of course, this is arguably even less relevant in today's container/k8s
> world, and config options are awkward when you need to open multiple
> datasets from different sources.
>
> Laurentiu
>
> On Tue, Oct 29, 2024, at 14:53, Michał Kowalczuk via gdal-dev wrote:
>
> Hi GDAL friends!
>
> Why service credentials (username & password) can not be entered with open
> options (*-oo UserPwd=user:pass*) when working with OGC services (tested
> against WMS)?
>
> I know there is a config option *GDAL_HTTP_USERPWD=value* but it's not
> clean solution in my opinion. Credential should be related to and owned by
> the dataset not the global environmental variable. What if I use more than
> one services that need credentials?
>
> I know there is a "UserPwd" XML tag when using xml as an open path, but
> this limits the use of other open methods (
> https://gdal.org/en/latest/drivers/raster/wms.html#xml-description-file).
>
> So, the following returns dataset info
> *gdalinfo "WMS:sample_wms_service?request=getcapabilities&service=wms"
> --config GDAL_HTTP_USERPWD=user:pass*
>
> and the following:
> *gdalinfo "WMS:
> sample_wms_service?request=getcapabilities&service=wms" -oo
> UserPwd=user:pass*
> returns error:
>
>
> *ERROR 1: HTTP error code : 401ERROR 1: Error returned by server : HTTP
> error code : 401 (0)gdalinfo failed - unable to open* ...
>
> Unfortunately, I can not share the sample service and it's credentials,
> but it is not needed for answer my general question.
>
> Thank you in advance for your interest in the problem
> Michał Kowalczuk
> _______________________________________________
> gdal-dev mailing list
> gdal-dev at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/gdal-dev
>
>
> _______________________________________________
> gdal-dev mailing list
> gdal-dev at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/gdal-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/gdal-dev/attachments/20241029/1e1fb58b/attachment-0001.htm>

More information about the gdal-dev mailing list