[Mapbender-dev] idea: http_digest_authentication to secure services in mapbender registries

Michael Schulz mschulz at webgis.de
Wed Sep 16 11:36:23 EDT 2009


Hi Christoph,

well, I used trunk as the base, but since the mapbender site I
integrated it in still uses 2.5, it was some sort of backporting ;-)

I have not done real testing yet, but hope that this will happen in
the coming days. Afterwards I'll probably backport the serverside as
well.

Michael

2009/9/16 Christoph Baudson <christoph.baudson at wheregroup.com>:
> Michael Schulz schrieb:
>>
>> Hi Armin, Christoph,
>>
>> I have just integrated the http authentication client side in one of
>> our mapbender sites and it works flawless with the example url
>> provided by Armin. I hope to be able to test it with real services in
>> the coming days.
>>
>
>
> Did you use trunk?
>
> Thanks for testing
>
> Christoph
>
>
>> Cheers, Michael
>>
>>
>> 2009/8/11 Christoph Baudson <christoph.baudson at wheregroup.com>:
>>
>>>
>>> We addressed your idea at yesterday's IRC meeting. We decided to discuss
>>> it
>>> in more detail at next week's meeting, when we have had time to prepare.
>>>
>>> Thanks for your input
>>>
>>> Christoph
>>>
>>> Armin Retterath schrieb:
>>>
>>>>
>>>> hello,
>>>>
>>>> we plan to extent mapbenders owsproxy function to support http_digest
>>>> authentication (http://www.ietf.org/rfc/rfc2617.txt) too.  with this
>>>> possibility and the use of https we can make a relativ secure connection
>>>> between different mapbender installations or between mapbender and
>>>> clients
>>>> who support the http_digest authentication. we think, it will be easy to
>>>> extent clients to support the http_digest. one critical performance
>>>> problem
>>>>  will be, that mapbender must control the authorization at every getmap,
>>>> getfeatureinfo, getlegendgraphics and getcap request. this maybe solved
>>>> by
>>>> caching the authorization info in an indexed version (lucene or
>>>> textfile).
>>>> for supporting the http_digest, we have to store the digest (md5
>>>> ('username:realm:password')) in the mb_user table. this hash must be
>>>> updated every time the username or the password changes (cannot be done
>>>> by
>>>> db trigger, cause the password is stored as md5 hash in the mb_user
>>>> table).
>>>> for the mapbender http_digest client side the wms table has to be
>>>> extented
>>>> for username and digest columns. when someone upload a http_digest
>>>> secured
>>>> wms he has to give a username and a password which will be used to
>>>> create
>>>> the secured connection to this service (by the use of curl). the viewing
>>>> of
>>>> such a service can only be done by using the mapbender owsproxy. this is
>>>> the
>>>> idea and should be realized until end of september.
>>>> any ideas or suggestions to this are welcome. please send them to the
>>>> dev-list.
>>>>
>>>> regards
>>>> armin
>>>>
>>>>
>>>>
>>>
>>> --
>>> ----------------------------------
>>>
>>> Aufwind durch Wissen!
>>>
>>> Qualifizierte OpenSource-Schulungen
>>> bei der www.foss-academy.eu
>>>
>>> ----------------------------------
>>> _______________________________________
>>>
>>> W h e r e G r o u p GmbH & Co. KG
>>>
>>> Siemensstraße 8
>>> 53121 Bonn
>>> Germany
>>>
>>> Christoph Baudson
>>> Anwendungsentwickler
>>>
>>> Fon: +49 (0)228 / 90 90 38 - 15
>>> Fax: +49 (0)228 / 90 90 38 - 11
>>> christoph.baudson at wheregroup.com
>>> www.wheregroup.com
>>> Amtsgericht Bonn, HRA 6788
>>> _______________________________________
>>>
>>> Komplementärin:
>>> WhereGroup Verwaltungs GmbH
>>> vertreten durch:
>>> Olaf Knopp, Peter Stamm
>>> _______________________________________
>>> _______________________________________________
>>> Mapbender_dev mailing list
>>> Mapbender_dev at lists.osgeo.org
>>> http://lists.osgeo.org/mailman/listinfo/mapbender_dev
>>>
>>>
>>
>>
>>
>>
>
>
> --
> ********************************************
> INTERGEO 2009
> 22.-24. September 2009 in Karlsruhe
> Halle 1, Stand 1.417
> www.intergeo.de
> ********************************************
> _______________________________________
>
> W h e r e G r o u p GmbH & Co. KG
>
> Siemensstraße 8
> 53121 Bonn
> Germany
>
> Christoph Baudson
> Anwendungsentwickler
>
> Fon: +49 (0)228 / 90 90 38 - 15
> Fax: +49 (0)228 / 90 90 38 - 11
> christoph.baudson at wheregroup.com
> www.wheregroup.com
> Amtsgericht Bonn, HRA 6788
> _______________________________________
>
> Komplementärin:
> WhereGroup Verwaltungs GmbH
> vertreten durch:
> Olaf Knopp, Peter Stamm
> _______________________________________
> _______________________________________________
> Mapbender_dev mailing list
> Mapbender_dev at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapbender_dev
>



-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Besuchen Sie uns auf der INTERGEO 2009: 22.09. - 24.09.2009 in Karlsruhe;
Halle 1, Stand 1.417
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Aufwind durch Wissen!

Qualifizierte Open Source Schulungen bei der
http://www.foss-akademie.de/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-----------------------------------------------------------
Michael Schulz
mschulz at webgis.de

in medias res
Gesellschaft für Informationstechnologie mbH

+++ Bitte beachten Sie unsere neue Adresse und Durchwahl +++

Schwimmbadstraße 2
D-79100  Freiburg i. Br.

Tel:  +49 (0)761 705798-102
Tel:  +49 (0)761 705798-0
Fax: +49 (0)761 705798-09

+++ Bitte beachten Sie unsere neue Adresse und Durchwahl +++

http://www.webgis.de / http://www.zopecms.de
--------------------------------------------------------------
Geschäftsführer: Stefan Giese, Dr. Christof Lindenbeck
Eingetragen im Handelsregister HRB 5930 beim Amtsgericht Freiburg


More information about the Mapbender_dev mailing list