[Mapbender-users] Security Advisory for MS4W users
Astrid Emde (WhereGroup)
astrid.emde at wheregroup.com
Thu Apr 1 00:21:11 PDT 2021
Hello Jeff,

Thanks for sharing the information. The documentation of the steps is
very good!

Astrid

On 2021-03-31 22:04, Jeff McKenna wrote:
> Dear Mapbender community, please see the message below for those
> running MS4W (or MapServer on any operating system) on public-facing
> servers. Thank you.
>
>
>
> -------- Forwarded Message --------
>
> Hello everyone,
>
> As the security of MS4W on your public-facing server is important,
> please take some time to review the possible security steps to enable
> for MS4W at:
> https://ms4w.com/README_INSTALL.html#securing-your-ms4w-installation
> You will notice MS4W examples, as well as instructions to use an
> online tool for testing your MS4W instance.
>
> As stated there, setting the *MS_MAP_PATTERN* environment variable is
> strongly recommended for your server instance.
>
> The past few weeks (and especially the past few days, which were full
> of intense regular expression testing) I have been working with Steve
> Lime closely and other MapServer steering committee members, to
> release the security advisory for MapServer:
> https://mapserver.org/announcements/2021-03-30-limit-mapfile-access.html
>
> Future MS4W releases will likely be tighter, with definitely the
> popular .exe installer setting & enabling the *MS_MAP_PATTERN* regular
> expression on-the-fly, for new installations, as well as providing a
> few default settings in the distributed Apache httpd.conf file.
>
> MS4W security is my priority, always has been, and I hope the examples
> and expressions that I provided in the MS4W readme above, help
> everyone implement, and take some of the fear of expressions away.
>
> Thank-you all.
>
>
> --
> Thank-you for using MS4W.
> "MS4W: open doors as well as windows"
>
> -jeff
>
>
> --
> Jeff McKenna
> GatewayGeo: Developers of MS4W, MapServer Consulting and Training
> co-founder of FOSS4G
> http://gatewaygeo.com/
--
Kind regards
Astrid Emde
GIS-Consultant
----------------------------------------------------
Rise through knowledge!
Web seminars and online training
at www.foss-academy.com
----------------------------------------------------
Astrid Emde
WhereGroup GmbH
Eifelstraße 7
53119 Bonn
Germany
Phone: +49(0)228 90 90 38 - 22
Fax: +49(0)228 90 90 38 - 11
astrid.emde at wheregroup.com
www.wheregroup.com
You can download my PGP public key from pgp.mit.edu:
https://keys.openpgp.org/vks/v1/by-fingerprint/01F8152D36FC07C25EADDE86C5084ACC1C287CCB
Signed and/or encrypted messages are very welcome
Follow WhereGroup on Twitter:
http://twitter.com/WhereGroup_com
Managing directors:
Olaf Knopp, Peter Stamm
Amtsgericht Bonn, HRB 9885
-------------------------------