Authentication (Re: Feature polls...)
Mark J. MacLennan
maclenna at VISI.COM
Sun Jan 15 18:22:37 EST 2006
Bart is referring to the scenario where the user has
already been authenticated but now there is a further
restriction as to what specific map layers they
are allowed to access - the issue of authorization.
For example, if you are using LDAP you may use
group membership to restrict access to a web site
and then use user_id to determine what data can
be accessed - this allows finer and more dynamic
control.
This is NOT something that can easily be done with
mod_rewrite and probably shouldn't be done at the
web server level but rather controlled by the
application itself. This is a capability that would
be very nice to have in MapServer.
- Mark
> Bart,
> mod_rewrite allows us to match and even rewrite the query string.
> This means you could rewrite a request for layer_a to a URL that
> requires authentication.
> I think it's madness to reinvent the auth wheel. A CGI program should
> be dumb, and rely on the webserver in this matter.
> Sean
>
> On Jan 14, 2006, at 6:04 AM, Bart van den Eijnden (OSGIS) wrote:
>
> > Hi Sean,
> > for authentication I agree with you, but for authorisation we
> > really need a way to assign certain map layers to users/groups
> > without duplicating map files.
> > Best regards,
> > Bart
More information about the mapserver-dev
mailing list