RFC-18: Encryption of passwords in mapfiles

Frank Warmerdam warmerdam at POBOX.COM
Tue May 30 12:13:44 EDT 2006


Daniel Morissette wrote:
> Note that one of the real benefits of this is that it protects the 
> passwords in backups (as long as the key is not included in the backup), 
> when transferring the mapfile over insecure media, and prevents plain 
> text passwords from showing up in error messages or log files (not sure 
> if any password was ever exposed this way though).

Steve / Daniel,

GDAL/OGR routinely reports errors and debug messages showing the whole
connection string for RDBMSs which typically would have included the
visible password.  So I think this RFC is most useful for avoiding clear-text
passwords in error messages and so forth.

Hmm, but come to think of it, we need to do the password decryption before
passing the string to OGROpen(), so this isn't going to help for anything
other than pure mapserver-level error messages.  Ugg.

OK, I'm not *too* excited about this RFC myself.

Best regards,
-- 
---------------------------------------+--------------------------------------
I set the clouds in motion - turn up   | Frank Warmerdam, warmerdam at pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush    | President OSGF, http://osgeo.org
