Pre-RFC,
pulling rendering/labeling parameters from attributes...
Daniel Morissette
dmorissette at MAPGEARS.COM
Thu Jun 8 14:11:37 EDT 2006
Steve Lime wrote:
>
> - one way global sustitution could be accomplished by slurping a mapfile into a big string buffer and doing substitution there, then tokenize the buffer. I had that working several years ago but never really pursued it.
>
I have seen global URL substitution come up a few times in this
discussion. I would just like to raise a flag: security. If you allow
too many things to be controlled by URL substitution, then you increase
the risk of people using this to access data or resources on servers
that they should not have access to. The mapserv CGI already allows
quite a bit of control via URL parameters so I'm not even sure if it's
that secure today either.
Daniel
--
Daniel Morissette
http://www.mapgears.com/
More information about the mapserver-dev
mailing list