[mapguide-users] Allow access to different layers based on login

Wed May 20 04:01:00 EDT 2009

9. The security level of the user and the render should be seperated, so the
user cannot list resource content, but still render the layer.  (relating to 5)

would that require a change to the approach for the viewers n legends ? perhaps
only return a shorten version of ResourceContent with the relevant
info required?

z

On Wed, May 20, 2009 at 5:51 PM, Kenneth Skovhede, GEOGRAF A/S
<ks at geograf.dk> wrote:
> 8. Change the security system to allow overrides properly
> Current method is to look at the top folder, then trace down into the
> structure.
> At any point, a folder can block access, making it impossible to maintain
> write access to a single resource,
> as all folders in its path must be writeable by the user.
> 9. The security level of the user and the render should be seperated, so the
> user cannot list resource content, but still render the layer.
> (relating to 5)
>
> Regards, Kenneth Skovhede, GEOGRAF A/S
>
>
> Zac Spitzer skrev:
>
> i agree about creating tickets for existing bugs as it also allows some
> tracking of comments which the wiki doesn't really help with, trac is
> a bit limited there...
>
> http://trac.osgeo.org/mapguide/wiki/Future/SecurityEnhancements ?
>
> shall we bounce the list of ideas round via email first?
>
> 1. pluggable external authentication (ie ldap, active directory,
> possibly use apache PAM here)
> 2. case insensitive usernames
> 3. removing the mandatory anonymous login requirement
> 4. adding login from anonymous session support to fusion and classic
> 5. improving MapGuide's "hissy fit" if a user tries to load a map that
> contains resources that they don't have permissions to.
> 6. exposing tile caches via http in a formalised manner, kinda relating to 3
> 7. switching from http status for errors codes to xml results?
>
> z
>
> On Wed, May 20, 2009 at 5:27 PM, Kenneth Skovhede, GEOGRAF A/S
> <ks at geograf.dk> wrote:
>
>
> I would not mind writing up a proposal to list issues and workflow for the
> login/user-management issues.
> The RFC is formal, so I would write it as a wiki page initally, once the
> actual issues are decided,
> we could create issue tickets for each, and put up an RFC for each of the
> breaking changes?
>
> I don't have experience or time enough to actually implement the changes
> though.
>
> Regards, Kenneth Skovhede, GEOGRAF A/S
>
>
> Zac Spitzer skrev:
>
> are there relevant bugs in trac? i had a quick browse but couldn't find any
>
> can we add a security component to trac?
>
> (wish we could assign multiple components to a single issue and
> making the field headers like components a hyperlink to all issues
> for that component, but I'm just a spoilt old jira junkie)
>
> also related is allowing ldap for user auth and getting rid of the stupid
> case sensitive usernames, using XML has quite a few drawbacks
>
> there's a swag of security related items here aren't there? definitely
> need an RFC
>
> I reckon autodesk's commercial customers would love this too
> and it probably is a show stopper for a lot of larger companies evaluating
> MG
>
> z
>
>
> On Wed, May 20, 2009 at 3:42 PM, Jason Birch <Jason.Birch at nanaimo.ca> wrote:
>
>
> I don't see a lot of use for a login UI without also fixing the MapGuide
> security model and improving the way it deals with users accessing maps
> which contain resources they don't have permissions to.  It's a fairly large
> can of worms...
>
> Unfortunately, I don't have any resources (development time, money) to throw
> at a problem this size, and I don't feel comfortable writing an RFC without
> being able to follow through on it.
>
> Jason
>
> -----Original Message-----
> From: Zac Spitzer
> Sent: Tuesday, May 19, 2009 10:37 PM
> To: MapGuide Users Mail List
> Subject: Re: [mapguide-users] Allow access to different layers based on
> login
>
> we kinda need a login interface with the viewers,that way if anon
> access is allowed
> it should be the default, then allowing the users to login if they want/need
> to
>
> the whole anonymous login stuff is rather annoying
>
> time for an RFC maybe?
> _______________________________________________
> mapguide-users mailing list
> mapguide-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapguide-users
>
>
>
>
>
> _______________________________________________
> mapguide-users mailing list
> mapguide-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapguide-users
>
>
>
>
>
>
> _______________________________________________
> mapguide-users mailing list
> mapguide-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapguide-users
>
>

-- 
Zac Spitzer -
http://zacster.blogspot.com
+61 405 847 168