[mapserver-dev] RFC 67 - Enable/Disable Layers in OGC Web Services

Daniel Morissette dmorissette at mapgears.com
Thu Feb 10 08:45:47 EST 2011 

On 11-02-10 08:04 AM, Kralidis,Tom [Ontario] wrote:
>
> - I imagine, in addition to request handling, that this would be handled
> accordingly in GetCapabilities responses (i.e. we wouldn't write out
> GetFeatureInfo as an operation if "wms_enable_request"
> "!GetFeatureInfo")
>

Yes, that's correct. Perhaps a note about this could be added to the RFC 
to make sure we don't forget that bit.

> - do/will we allow disabling of GetCapabilities requests?  I think
> GetCapabilities would be vital in any use case, in terms of advertising
> a server's info and supported operations
>

Disabling GetCapabilities at the server level may not make much sense 
from a pure OGC spec standpoint, but some app developers may want to use 
the OGC protocol for GetMap with OpenLayers for instance, without 
exposing their full layer list to the world (call that security by 
obfuscation).

At the layer level, disabling GetCapabilities can be used with grouped 
layers (wms_layer_group) to hide individual layers from the 
GetCapabilities while still being able to request them in a GetMap as a 
group.


> - I think, to be consistent with existing behaviour, that all OWS
> services should be enabled by default, and that it would be up to the
> user to explicitly disable them if they want to.  This will break every
> mapfile from an OWS perspective
>

Good point, but I think everybody will have a different opinion on this 
one so we'll need to vote to make the final call.

My take is that I prefer a system where everything is locked down by 
default and users enable features explicitly, hopefully knowing what 
they are doing.

The current situation with all OGC services enabled by default means 
that many users who are only using the mapserv CGI with templates or 
with an OL app and know nothing about OGC services are exposing all 
their data through a bunch of OGC services that they don't understand... 
and they are not even aware of that.

It seems to me that all OGC services should have been disabled by 
default since day one, and mapfile developers should have enabled them 
explicitly as needed... and 6.0 is a good time to fix this. We're only 
talking about a one-liner to re-enable all services in a mapfile anyway, 
not a huge deal for those who know what they're doing.

The current situation with MapServer/OWS is a bit as if your email 
account was open to the whole world by default, and you'd need to read 
through a pile of docs to figure that out, and then find out that you 
need to find and set the "public = false" setting in the preferences to 
protect your privacy. Most people won't read that far and will leave 
their stuff open to the world without knowing it.

That's my opinion: I prefer to protect the innocent and let those in the 
know explicitly enable this kind of feature. Not everybody will agree so 
we'll need to seek consensus, and if the majority choses to keep things 
open by default then I won't object, but at least we'll have dealt with 
the issue.

Daniel
-- 
Daniel Morissette
http://www.mapgears.com/

More information about the mapserver-dev mailing list