Authentication (Re: Feature polls...)

Stephen Woodbridge woodbri at SWOODBRIDGE.COM
Sun Jan 15 22:17:47 EST 2006


Just out of curiosity, why would you not just implement this in 
Perl/python/php/etc and mapscript. All these languages have good tools 
for doing this and this level of filtering should really be at an 
application server level and not at the map drawing level.

-Steve W.

Mark J. MacLennan wrote:
> Bart is referring to the scenario where the user has
> already been authenticated but now there is a further
> restriction as to what specific map layers they
> are allowed to access - the issue of authorization.
> For example, if you are using LDAP you may use
> group membership to restrict access to a web site
> and then use user_id to determine what data can
> be accessed - this allows finer and more dynamic
> control.
> This is NOT something that can easily be done with
> mod_rewrite and probably shouldn't be done at the
> web server level but rather controlled by the
> application itself. This is a capability that would
> be very nice to have in MapServer.
> 
> - Mark
> 
> 
> 
>>Bart,
>>mod_rewrite allows us to match and even rewrite the query string.  
>>This means you could rewrite a request for layer_a to a URL that  
>>requires authentication.
>>I think it's madness to reinvent the auth wheel. A CGI program should  
>>be dumb, and rely on the webserver in this matter.
>>Sean
>>
>>On Jan 14, 2006, at 6:04 AM, Bart van den Eijnden (OSGIS) wrote:
>>
>>
>>>Hi Sean,
>>>for authentication I agree with you, but for authorisation we  
>>>really need a way to assign certain map layers to users/groups  
>>>without duplicating map files.
>>>Best regards,
>>>Bart
> 
> 



More information about the mapserver-dev mailing list