[Mapbender-dev] SLD in 2.5 branch
Michael Schulz
mschulz at webgis.de
Thu Apr 10 19:22:13 EDT 2008
Hi,
regarding the security problems of the sld mechanisms we faced during
the dev-sprint, i updated the sld parts in 2.5 branch with prep
statements and validateSessions checks for all modules. One problem
remains: when providing a remote or local wms with a dynamic sld-url,
this url is called from the wms without login credentials thus this
call would fail. I have therefore extracted the relevant function to a
new module, that does not validate the session
(sld/sld_function_getusersld.php). Christoph, Uli what do you think
about that? My idea of maybe using the owsproxy area is actually of no
use, since the whole owsproxy stuff relies on a session, so this would
get us not far, i think.
Cheers, Michael
--
-----------------------------------------------------------
Michael Schulz
mschulz at webgis.de
in medias res
Gesellschaft für Informationstechnologie mbH
In den Weihermatten 66
79108 Freiburg
Tel +49 (0)761 556959-5
Fax +49 (0)761 556959-6
http://www.webgis.de / http://www.zopecms.de
-----------------------------------------------------------
More information about the Mapbender_dev
mailing list