[Mapbender-dev] idea: http_digest_authentication to secure services in mapbender registries

Wed Sep 16 11:25:44 EDT 2009

Hi Armin, Christoph,

I have just integrated the http authentication client side in one of
our mapbender sites and it works flawless with the example url
provided by Armin. I hope to be able to test it with real services in
the coming days.

Cheers, Michael

2009/8/11 Christoph Baudson <christoph.baudson at wheregroup.com>:
> We addressed your idea at yesterday's IRC meeting. We decided to discuss it
> in more detail at next week's meeting, when we have had time to prepare.
>
> Thanks for your input
>
> Christoph
>
> Armin Retterath schrieb:
>>
>> hello,
>>
>> we plan to extent mapbenders owsproxy function to support http_digest
>> authentication (http://www.ietf.org/rfc/rfc2617.txt) too.  with this
>> possibility and the use of https we can make a relativ secure connection
>> between different mapbender installations or between mapbender and clients
>> who support the http_digest authentication. we think, it will be easy to
>> extent clients to support the http_digest. one critical performance problem
>>  will be, that mapbender must control the authorization at every getmap,
>> getfeatureinfo, getlegendgraphics and getcap request. this maybe solved by
>> caching the authorization info in an indexed version (lucene or textfile).
>> for supporting the http_digest, we have to store the digest (md5
>> ('username:realm:password')) in the mb_user table. this hash must be
>> updated every time the username or the password changes (cannot be done by
>> db trigger, cause the password is stored as md5 hash in the mb_user table).
>> for the mapbender http_digest client side the wms table has to be extented
>> for username and digest columns. when someone upload a http_digest secured
>> wms he has to give a username and a password which will be used to create
>> the secured connection to this service (by the use of curl). the viewing of
>> such a service can only be done by using the mapbender owsproxy. this is the
>> idea and should be realized until end of september.
>> any ideas or suggestions to this are welcome. please send them to the
>> dev-list.
>>
>> regards
>> armin
>>
>>
>
>
> --
> ----------------------------------
>
> Aufwind durch Wissen!
>
> Qualifizierte OpenSource-Schulungen
> bei der www.foss-academy.eu
>
> ----------------------------------
> _______________________________________
>
> W h e r e G r o u p GmbH & Co. KG
>
> Siemensstraße 8
> 53121 Bonn
> Germany
>
> Christoph Baudson
> Anwendungsentwickler
>
> Fon: +49 (0)228 / 90 90 38 - 15
> Fax: +49 (0)228 / 90 90 38 - 11
> christoph.baudson at wheregroup.com
> www.wheregroup.com
> Amtsgericht Bonn, HRA 6788
> _______________________________________
>
> Komplementärin:
> WhereGroup Verwaltungs GmbH
> vertreten durch:
> Olaf Knopp, Peter Stamm
> _______________________________________
> _______________________________________________
> Mapbender_dev mailing list
> Mapbender_dev at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapbender_dev
>

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Besuchen Sie uns auf der INTERGEO 2009: 22.09. - 24.09.2009 in Karlsruhe;
Halle 1, Stand 1.417
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Aufwind durch Wissen!

Qualifizierte Open Source Schulungen bei der
http://www.foss-akademie.de/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----------------------------------------------------------
Michael Schulz
mschulz at webgis.de

in medias res
Gesellschaft für Informationstechnologie mbH

+++ Bitte beachten Sie unsere neue Adresse und Durchwahl +++

Schwimmbadstraße 2
D-79100  Freiburg i. Br.

Tel:  +49 (0)761 705798-102
Tel:  +49 (0)761 705798-0
Fax: +49 (0)761 705798-09

+++ Bitte beachten Sie unsere neue Adresse und Durchwahl +++

http://www.webgis.de / http://www.zopecms.de
--------------------------------------------------------------
Geschäftsführer: Stefan Giese, Dr. Christof Lindenbeck
Eingetragen im Handelsregister HRB 5930 beim Amtsgericht Freiburg