[mapserver-dev] Security risk with WMS exceptions?

Rahkonen Jukka (Tike) jukka.rahkonen at mmmtike.fi
Wed May 21 05:13:01 PDT 2014


Right now the Mapserver demo server has troubles with connecting to PostgreSQL and GetMaps like

leads to this error message:

<?xml version='1.0' encoding="ISO-8859-1" standalone="no" ?>
<!DOCTYPE ServiceExceptionReport SYSTEM "http://schemas.opengis.net/wms/1.1.1/exception_1_1_1.dtd">
<ServiceExceptionReport version="1.1.1">
msDrawMap(): Image handling error. Failed to draw layer named 'landuse_layer4'.
msPostGISLayerOpen(): Query error. Database connection failed (FATAL:  database "osm" does not exist
) with connect string 'host=localhost dbname=osm user=www-data password=******** port=5432'
Is the database running? Is it allowing connections? Does the specified user exist? Is the password valid? Is the database on the standard port?

Well, the message does not reveal the password and it gives useful information for the Mapserver admin. But does it make sense to send this information to WMS users?

-Jukka Rahkonen-

More information about the mapserver-dev mailing list