Authentication (Re: Feature polls...)
Kralidis,Tom [Burlington]
Tom.Kralidis at EC.GC.CA
Sun Jan 15 22:39:13 EST 2006
Has anyone checked out DACS (http://dacs.sourceforge.net/)? They have a C/C++ toolkit/API in which one can build modules to do stuff like per-layer authorization, etc.
I've seen this successfully integrated with CubeWerx WMS/WFS. Would be neat to see as a pluggable Apache module for use w/ MapServer.
..Tom
-----Original Message-----
From: UMN MapServer Developers List on behalf of Stephen Woodbridge
Sent: Sun 15-Jan-06 22:17
To: MAPSERVER-DEV at LISTS.UMN.EDU
Cc:
Subject: Re: [UMN_MAPSERVER-DEV] Authentication (Re: Feature polls...)
Just out of curiosity, why would you not just implement this in
Perl/python/php/etc and mapscript? All these languages have good tools
for doing this and this level of filtering should really be at an
application server level and not at the map drawing level.
-Steve W.
Mark J. MacLennan wrote:
> Bart is referring to the scenario where the user has
> already been authenticated but now there is a further
> restriction as to what specific map layers they
> are allowed to access - the issue of authorization.
> For example, if you are using LDAP you may use
> group membership to restrict access to a web site
> and then use user_id to determine what data can
> be accessed - this allows finer and more dynamic
> control.
> This is NOT something that can easily be done with
> mod_rewrite and probably shouldn't be done at the
> web server level but rather controlled by the
> application itself. This is a capability that would
> be very nice to have in MapServer.
>
> - Mark
>
>
>
>>Bart,
>>mod_rewrite allows us to match and even rewrite the query string.
>>This means you could rewrite a request for layer_a to a URL that
>>requires authentication.
>>I think it's madness to reinvent the auth wheel. A CGI program should
>>be dumb, and rely on the webserver in this matter.
>>Sean
>>
>>On Jan 14, 2006, at 6:04 AM, Bart van den Eijnden (OSGIS) wrote:
>>
>>
>>>Hi Sean,
>>>for authentication I agree with you, but for authorisation we
>>>really need a way to assign certain map layers to users/groups
>>>without duplicating map files.
>>>Best regards,
>>>Bart
>
>
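
The split discussed in this thread (the web server authenticates, the application authorizes per layer against one shared map file), as an added Python example that is not code from any poster or from MapServer. The ACL table, the group directory (standing in for an LDAP lookup) and all function names are constructed assumptions, and it assumes WMS-style LAYERS and QUERY_LAYERS parameters.

```python
from urllib.parse import parse_qsl

# Constructed sample policy (assumption): layer name -> groups allowed to see it.
LAYER_ACL = {
    "roads": {"public", "staff"},
    "parcels": {"staff"},
    "pipelines": {"utilities"},
}
# Constructed sample directory (assumption): user -> groups, in place of an LDAP query.
USER_GROUPS = {"alice": {"public", "staff"}, "bob": {"public"}}

# WMS parameters that name layers; WMS parameter names are case-insensitive.
LAYER_PARAMS = {"layers", "query_layers"}


def requested_layers(query_string):
    """Collect every layer named in the request, across repeated or mixed-case params."""
    layers = set()
    for key, value in parse_qsl(query_string, keep_blank_values=True):
        if key.lower() in LAYER_PARAMS:
            layers.update(name.strip() for name in value.split(",") if name.strip())
    return layers


def authorize(remote_user, query_string):
    """Return (allowed, denied_layers); unknown users and unknown layers are denied."""
    groups = USER_GROUPS.get(remote_user or "", set())
    denied = sorted(
        layer for layer in requested_layers(query_string)
        if not (LAYER_ACL.get(layer, set()) & groups)
    )
    return (not denied, denied)


def handle(environ):
    """CGI/WSGI-style gate; the web server has already authenticated REMOTE_USER."""
    ok, denied = authorize(environ.get("REMOTE_USER"), environ.get("QUERY_STRING", ""))
    if not ok:
        return "403 Forbidden", "layers not permitted: " + ",".join(denied)
    # Only an authorized request reaches the map drawing step (not shown here).
    return "200 OK", "forward to map rendering"
```

A request that names no layers passes this check, so capabilities responses and layers drawn by default need their own handling.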