[mapguide-users] Fusion security (or lack of)

Kenneth Skovhede, GEOGRAF A/S ks at geograf.dk
Tue May 27 14:08:28 EDT 2008


I don't know how to get fusion to ask the user for a password.
But you can set a password for the "Anonymous" user in the Site 
Administrator.
You can also change the permissions on the root folder.

In any case, the problem is that the user viewing the map, must also be 
able to read the data.
If you use the same user for viewing all maps, that user has access to 
all mapping data.
It is not required that the username/password is avalible on the client 
(it can use the pre-created sessionid).
But with the sessionid, the user can retrieve the same data, so it is 
basically a matter of starting a map, and retriving the session id.

Regards, Kenneth Skovhede, GEOGRAF A/S



Andrew DeMerchant skrev:
> I've asked about this before - it seems as though there basically is 
> no security when it comes to Fusion maps. Is there a way to force a 
> login when viewing a Fusion map? Also, am I right in thinking that 
> basically, a Fusion app could act as a backdoor to any 'secured' 
> dwf/ajax app? It seems as though you can access any map in your 
> library (or someone else's), in theory...I'm more concerned with 
> figuring out a way to force a login, at the moment - but this all may 
> be something to consider heavily for the next release.
>
> Andrew
>
> -- 
> 	*Andrew DeMerchant*
> *Computer Technologist*
> ph.1-877-2GEMTEC x.163
> fax 506-453-9470
>
> /GEMTEC Limited <http://www.gemtec.ca>
> /191 Doak Road
> Fredericton, NB, Canada
> E3C 2E6
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> mapguide-users mailing list
> mapguide-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapguide-users
>   
-------------- next part --------------
Skipped content of type multipart/related


More information about the mapguide-users mailing list