[mapserver-dev] Tile Access API

Steve Lime Steve.Lime at dnr.state.mn.us
Wed Apr 16 12:37:01 EDT 2008 

I still favor more off then on by default. For most of the OGC services you need to explicitly configure
them for them to be useful anyway so in that case off by default makes more sense to me. The CGI
should really be the only default service. Plus, in most cases a mapfile is configured for 1 maybe two
services and it's much easier to turn 2 things on than 10 things off.

In addition, many users are working from pre-built distributions so they often won't even know what 
they have.

I kinda like the SERVICES block. The "*" "*" line is weird though. It would be more readable as "ALL" "TRUE"
or something like that. I'd also suggest changing "WCS"   "1.1.0-" to "WCS"   "1.1.0+".

Steve

>>> On 4/16/2008 at 11:14 AM, in message <480625EA.3020304 at mapgears.com>, Daniel
Morissette <dmorissette at mapgears.com> wrote:

> Stephen Woodbridge wrote:
>> I will +1 on this as the default.
>> 
>> Frank Warmerdam wrote:
>>> Paul Ramsey wrote:
>>>> I think being able to turn off access modes via a map file
>>>> configuration is GOOD.
>>>> I think having them turned off by default is BAD.
>>>> Ease of use, ease of set-up. 
>>>
>>> Folks,
>>>
>>> I concur with Paul.  I'm excited about a mode to control which services
>>> (and which versions of services) are permitted, but the default should
>>> be provide all services that we have built in at configure time (IMHO).
>>>
> 
> I could live with everything enabled by default if that's what everybody 
> wants, but how would that work in practice for those wishing to 
> configure a safe server?
> 
> If all services are enabled by default then in order to have a "safe" 
> server with only one service enabled, one will need to explicitly list 
> all the services they don't need (that is: all supported services but 
> one). If you add version handling to the mix it can become quite 
> complicated and hard to have an exhaustive list of everything you need 
> to exclude. One would also need to update the list of exclusions in 
> their mapfiles everytime they upgrade to a new MapServer that supports 
> more services/versions... what a poor "MapServer experience" for the 
> admins who care about being safe... and there are more of those than 
> you'd think.
> 
> OTOH, if you start by turning everything off and list only what you're 
> interested in, it will be much easier to be setup a "safe" server in 
> which you are confident that all the toys you don't need are disabled.
> 
> Could you please make a proposal for the way you'd handle the list of 
> exclusions if you start with everything enabled?
> 
> If we start with everything disabled by default, then we could perhaps 
> use something like the following, using a hashtable in the mapObj to 
> store the information:
> 
>    SERVICES
>      "WMS"   "*"           # Enable all versions of WMS
>      "WMS"   "1.0.0,1.1.1,1.3.0" # Enable WMS 1.0.0, 1.1.1 and 1.3.0
>      "WFS"   "1.0.0-1.1.0" # Enable WFS 1.0 to 1.1
>      "WCS"   "1.1.0-"      # Enable WCS 1.1.0 and up
>      "TILES" "gmap"        # Enable gmap tiles
>      "MAPSERV" "*"         # Enable traditional mapserv CGI
>    END
> 
> ... and if someone wants to enable everything they could do:
> 
>    SERVICES
>      "*" "*"
>    END
> 
> 
> Daniel

More information about the mapserver-dev mailing list