[Mapbender-dev] idea: http_digest_authentication to secure
services in mapbender registries
Christoph Baudson
christoph.baudson at wheregroup.com
Wed Sep 16 11:27:15 EDT 2009
Michael Schulz schrieb:
> Hi Armin, Christoph,
>
> I have just integrated the http authentication client side in one of
> our mapbender sites and it works flawless with the example url
> provided by Armin. I hope to be able to test it with real services in
> the coming days.
>
Did you use trunk?
Thanks for testing
Christoph
> Cheers, Michael
>
>
> 2009/8/11 Christoph Baudson <christoph.baudson at wheregroup.com>:
>
>> We addressed your idea at yesterday's IRC meeting. We decided to discuss it
>> in more detail at next week's meeting, when we have had time to prepare.
>>
>> Thanks for your input
>>
>> Christoph
>>
>> Armin Retterath schrieb:
>>
>>> hello,
>>>
>>> we plan to extent mapbenders owsproxy function to support http_digest
>>> authentication (http://www.ietf.org/rfc/rfc2617.txt) too. with this
>>> possibility and the use of https we can make a relativ secure connection
>>> between different mapbender installations or between mapbender and clients
>>> who support the http_digest authentication. we think, it will be easy to
>>> extent clients to support the http_digest. one critical performance problem
>>> will be, that mapbender must control the authorization at every getmap,
>>> getfeatureinfo, getlegendgraphics and getcap request. this maybe solved by
>>> caching the authorization info in an indexed version (lucene or textfile).
>>> for supporting the http_digest, we have to store the digest (md5
>>> ('username:realm:password')) in the mb_user table. this hash must be
>>> updated every time the username or the password changes (cannot be done by
>>> db trigger, cause the password is stored as md5 hash in the mb_user table).
>>> for the mapbender http_digest client side the wms table has to be extented
>>> for username and digest columns. when someone upload a http_digest secured
>>> wms he has to give a username and a password which will be used to create
>>> the secured connection to this service (by the use of curl). the viewing of
>>> such a service can only be done by using the mapbender owsproxy. this is the
>>> idea and should be realized until end of september.
>>> any ideas or suggestions to this are welcome. please send them to the
>>> dev-list.
>>>
>>> regards
>>> armin
>>>
>>>
>>>
>> --
>> ----------------------------------
>>
>> Aufwind durch Wissen!
>>
>> Qualifizierte OpenSource-Schulungen
>> bei der www.foss-academy.eu
>>
>> ----------------------------------
>> _______________________________________
>>
>> W h e r e G r o u p GmbH & Co. KG
>>
>> Siemensstraße 8
>> 53121 Bonn
>> Germany
>>
>> Christoph Baudson
>> Anwendungsentwickler
>>
>> Fon: +49 (0)228 / 90 90 38 - 15
>> Fax: +49 (0)228 / 90 90 38 - 11
>> christoph.baudson at wheregroup.com
>> www.wheregroup.com
>> Amtsgericht Bonn, HRA 6788
>> _______________________________________
>>
>> Komplementärin:
>> WhereGroup Verwaltungs GmbH
>> vertreten durch:
>> Olaf Knopp, Peter Stamm
>> _______________________________________
>> _______________________________________________
>> Mapbender_dev mailing list
>> Mapbender_dev at lists.osgeo.org
>> http://lists.osgeo.org/mailman/listinfo/mapbender_dev
>>
>>
>
>
>
>
--
********************************************
INTERGEO 2009
22.-24. September 2009 in Karlsruhe
Halle 1, Stand 1.417
www.intergeo.de
********************************************
_______________________________________
W h e r e G r o u p GmbH & Co. KG
Siemensstraße 8
53121 Bonn
Germany
Christoph Baudson
Anwendungsentwickler
Fon: +49 (0)228 / 90 90 38 - 15
Fax: +49 (0)228 / 90 90 38 - 11
christoph.baudson at wheregroup.com
www.wheregroup.com
Amtsgericht Bonn, HRA 6788
_______________________________________
Komplementärin:
WhereGroup Verwaltungs GmbH
vertreten durch:
Olaf Knopp, Peter Stamm
_______________________________________
More information about the Mapbender_dev
mailing list