RFC-18 completed (Encryption of database connections)

Daniel Morissette dmorissette at MAPGEARS.COM
Fri Aug 11 13:18:32 EDT 2006

Hi everyone,

Remember RFC-18, the encryption of database connection strings?

This has been completed and committed to 4.9 CVS earlier in June for OGR 
and Oracle Spatial and appears to be working fine with all the tests we 
made. I had also made the changes to mapsde.c and mappostgis.c but had 
not committed the changes to those two files yet since I had no way to test.

I still have no way to test with SDE and should get postgis running on 
my dev machine but don't have it at the moment, but since the changes 
are trivial I committed them to mappostgis.c and mapsde.c a few minutes 
ago without testing, hoping that everything would go smoothly.  I don't 
expect any side-effect, but if you notice any new problem with SDE or 
Postgis connections that this could have introduced then let me know and 
I'll have a look.

With this committed to CVS, we can consider RFC-18 complete.

In case you want to try/test the new feature, it's very straightforward:

1- Create an encryption key using the new msencrypt command-line utility:

   msencrypt -keygen /path/to/mykey.txt

2- Set MS_ENCRYPTION_KEY in your mapfile (or in an env. var.) to point 
to the encryption key:

   CONFIG MS_ENCRYPTION_KEY "/path/to/mykey.txt"

3- Encrypt portions or full connection strings using msencrypt:

   msencrypt -key /path/to/mykey.txt <string_to_encrypt>

4- Embed the encrypted strings in a CONNECTION string in the mapfile:

   CONNECTION "user/{MIIBugIBAAKBgQCP0Yj+Seh8==}@service"

That's it!

Daniel Morissette

More information about the mapserver-dev mailing list