[Mapguide-trac] [mapguide-trac] #2864: Support ability to deny resource fetching calls to certain resources for Anonymous users in the mapagent

MapGuide Open Source trac_mapguide at osgeo.org
Tue Mar 21 05:48:53 PDT 2023


#2864: Support ability to deny resource fetching calls to certain resources for
Anonymous users in the mapagent
---------------------------+----------------------
   Reporter:  jng          |      Owner:  jng
       Type:  enhancement  |     Status:  assigned
   Priority:  low          |  Milestone:  4.0
  Component:  Map Agent    |    Version:
   Severity:  trivial      |   Keywords:
External ID:               |
---------------------------+----------------------
 To reduce the attack surface of the MapGuide Web Tier and to prevent
 unwanted leakage of sensitive connection strings in certain Feature
 Sources, we should provide the ability for admins to deny the use of
 resource fetch APIs to anonymous users.

 This could be defined as a list of resource ids or resource id prefixes in
 `webconfig.ini` that get checked against any resource id of a GETRESOURCE,
 GETRESOURCEHEADER, GETRESOURCEDATA operation executed in the context of an
 Anonymous user.
-- 
Ticket URL: <https://trac.osgeo.org/mapguide/ticket/2864>
MapGuide Open Source <http://mapguide.osgeo.org/>
MapGuide Open Source Internals


More information about the mapguide-trac mailing list