[mapserver-dev] Security risk with WMS exceptions?
Rahkonen Jukka (Tike)
jukka.rahkonen at mmmtike.fi
Wed May 21 05:13:01 PDT 2014
Hi,
Right now the Mapserver demo server has troubles with connecting to PostgreSQL and GetMaps like
http://demo.mapserver.org/cgi-bin/foss4g?&SERVICE=WMS&VERSION=1.1.1%20&REQUEST=GetMap&LAYERS=OSM_Denver&STYLES=&SRS=EPSG:4326&BBOX=-105.208290,39.542378,-104.769779,39.980889&WIDTH=100&HEIGHT=100&FORMAT=image/png
leads to this error message:
<?xml version='1.0' encoding="ISO-8859-1" standalone="no" ?>
<!DOCTYPE ServiceExceptionReport SYSTEM "http://schemas.opengis.net/wms/1.1.1/exception_1_1_1.dtd">
<ServiceExceptionReport version="1.1.1">
<ServiceException>
msDrawMap(): Image handling error. Failed to draw layer named 'landuse_layer4'.
msPostGISLayerOpen(): Query error. Database connection failed (FATAL: database "osm" does not exist
) with connect string 'host=localhost dbname=osm user=www-data password=******** port=5432'
Is the database running? Is it allowing connections? Does the specified user exist? Is the password valid? Is the database on the standard port?
</ServiceException>
</ServiceExceptionReport>
Well, the message does not reveal the password and it gives useful information for the Mapserver admin. But does it make sense to send this information to WMS users?
-Jukka Rahkonen-
More information about the mapserver-dev
mailing list