[mapserver-dev] News on MapServer SLD and MapCache

Stephen Woodbridge stephenwoodbridge37 at gmail.com
Tue Dec 17 10:35:27 PST 2019 

On 12/17/2019 4:18 AM, jbo-ads wrote:
> Hi all,
>
> I would like to apologize for not having been active on MapServer SLD 
> these months. I am busy on more urgent activities from my client, 
> mainly related to MapCache performance. I hope to deliver a synthesis 
> on the form of a wiki page (which to my surprise has not been 
> initiated yet on MapCache).
>
> On this side, I am fixing some bugs and adding configurable features 
> to better control how MapCache retrieves and assembles tiles from its 
> caches depending on each situation.
>
> I am also developing feature requests that arise in the broader 
> context of these activities.
>
> The first one is about a cache structure involving multi-SQLite caches 
> organized in multiple pyramids: one single pyramid from zoom levels 0 
> to 7, then as many pyramids as tiles at zoom level 8. Each of these 
> pyramids starts with one tile at zoom level 8, then four tiles at zoom 
> level 9 and so on. Of course the top zoom level value is configurable. 
> I like to name this cache structure "Z-top". My question is: Do you 
> think it deserves a RFC?
>
> The second one is about allowed values in MapCache implementation of 
> WMS/WMTS dimensions. Currently, dimensions values are sanitized so 
> that '.' (dot) and '/' (slash) characters are replaced by '#' (is it 
> sharp or hash in english?). However my client (and others I've heard 
> of) would like to use file paths as dimension values in order to store 
> cache locations without being constrained to put them all in a single 
> directory. I feel a bit reluctant about this because I suspect this 
> change would introduce a security hole in MapCache, by potentially 
> giving access to server's filesystem. I would like to open the 
> discussion with you about how to provide this feature without 
> compromising security.
>
> Jérome.

If I understand your concern about dimensions using path, is that 
somehow the dimension will get used as part of the path the mapcache 
uses to locate files. So a crafty user might submit a request with a 
dimension to access other files on the server.  This would require 
sanitizing the dimension in some way to make sure it is legitimate and 
not bogus.

Few few things come to mind:

1. don't allow it at all
2. allow it in a restricted way such as:
     i. make all paths relative to a root_dimension_path variable 
configure in mapcache.xml
    ii. don't allow '../' in the dimension paths
3. in mapcache.xml provide a feature to allow dimension to path mapping, 
so user requests never supply the path directly only the dimension and 
you look up the path in the map or throw an error if the dimension if 
not valid.

Of the three, I think 3. is probably the safest and probably keeps the 
code fairly simple.

For example you could have a dimension and path like:

foo#bar#baz   ->  foo/bar.baz

or whatever.

-Steve W

More information about the mapserver-dev mailing list