[mapguide-users] SQL Import Spatial Data
ed57gmc-bus at yahoo.com
ed57gmc-bus at yahoo.com
Fri Oct 10 14:53:47 EDT 2008
IOW, you can't simply do away with mg users and groups.
Ed Jobe
----- Original Message ----
From: Jason Birch <Jason.Birch at nanaimo.ca>
To: MapGuide Users Mail List <mapguide-users at lists.osgeo.org>
Sent: Friday, October 10, 2008 11:22:33 AM
Subject: RE: [mapguide-users] SQL Import Spatial Data
Ah. Yes, I think MapGuide’s authentication is fine, but the authorization model is a bit dysfunctional.
Active Directory / LDAP are not directly supported, so you’d have to test group membership in your application and map this to the appropriate RO/RW users on the MapGuide server, and make sure that everything goes over SSL.
This doesn’t isolate you from poorly-behaved users or CSS attacks stealing a session key and using it directly against the web tier though. I think the only way of dealing with this particular issue is fixing the MapGuide security model.
Jason
From:ed57gmc-bus
Subject: Re: [mapguide-users] SQL Import Spatial Data
AD is Active Directory. I was planning on using it for authentication. I forgot who it was that said it, but they felt that mg's security was "broken".
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.osgeo.org/pipermail/mapguide-users/attachments/20081010/9c846806/attachment.html
More information about the mapguide-users
mailing list