[mapserver-dev] News on MapServer SLD and MapCache
jbo-ads
jbo-ads at laposte.net
Wed Dec 18 05:47:01 PST 2019
On 17/12/2019 at 19:35, Stephen Woodbridge wrote:
>
> If I understand your concern about dimensions using path, is that
> somehow the dimension will get used as part of the path the mapcache
> uses to locate files. So a crafty user might submit a request with a
> dimension to access other files on the server. This would require
> sanitizing the dimension in some way to make sure it is legitimate and
> not bogus.
>
> A few things come to mind:
>
> 1. don't allow it at all
> 2. allow it in a restricted way such as:
>    i. make all paths relative to a root_dimension_path variable
>       configured in mapcache.xml
>    ii. don't allow '../' in the dimension paths
> 3. in mapcache.xml provide a feature to allow dimension to path
> mapping, so user requests never supply the path directly only the
> dimension and you look up the path in the map or throw an error if the
> dimension is not valid.
>
> Of the three, I think 3. is probably the safest and probably keeps the
> code fairly simple.
>
> For example you could have a dimension and path like:
>
> foo#bar#baz -> foo/bar.baz
>
> or whatever.
>
> -Steve W

Thank you Steve for your valuable advice, it confirms my first thoughts.

Indeed dimension values are used as parts of the path to choose among
several caches thanks to the templating feature of cache configuration
(see
<https://mapserver.org/mapcache/caches.html#using-multiple-sqlite-database-files>).

About your three points, 1. is what is implemented now and what should
be changed.

2.i. is already implemented without a specific parameter: In the example
given in the linked document, "/path/to" can be seen as what you call
root_dimension_path. So no need of further developments here.

2.ii. is one of the changes that I thought of. I will certainly
implement it.

3. In the context of my activities, implementation involves second level
dimensions (see
<https://mapserver.org/mapcache/dimensions.html#second-level-dimensions>).
This means that the user supplies a keyword in the &DIM= part of their
request. This keyword is then used by MapCache to query a dimension
database which in turn provides one or more cache paths. I presume that
as long as the dimension database and the mapcache.xml configuration
file are kept in safe places, then the security risk is avoided.
Therefore all I need to do as a developer is to limit path usage in
dimensions to second level dimensions only.

Jérome.
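
The two safeguards discussed in this thread, 2.ii (refusing values that could leave the root directory) and 3 (resolving a keyword through a dimension-to-path map), sketched in C as an added example that is not MapCache code and not part of either message. The function names, the map contents and the 64-byte length limit are assumptions for illustration; "/path/to" and the foo#bar#baz mapping are taken from the messages above.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample map for option 3: dimension keyword -> relative path. */
struct dim_entry { const char *dim; const char *rel; };
static const struct dim_entry DIM_MAP[] = {
    { "foo#bar#baz", "foo/bar.baz" },
    { "2019",        "years/2019.sqlite" },
};

/* Option 2.ii: accept a value only if it cannot leave the root directory.
   Returns 1 when safe, 0 otherwise. The 64-byte limit is an assumption. */
int dim_value_is_safe(const char *v) {
    if (v == NULL || *v == '\0' || strlen(v) > 64) return 0;
    if (strstr(v, "..") != NULL) return 0;
    for (; *v; v++)
        if (*v == '/' || *v == '\\' || (unsigned char)*v < 0x20) return 0;
    return 1;
}

/* Option 3: the request supplies a keyword only; NULL means "not valid". */
const char *dim_lookup(const char *v) {
    for (size_t i = 0; i < sizeof DIM_MAP / sizeof DIM_MAP[0]; i++)
        if (strcmp(v, DIM_MAP[i].dim) == 0) return DIM_MAP[i].rel;
    return NULL;
}

/* Join root and the resolved part. Returns 0 on success, -1 on rejection
   or truncation. use_map selects option 3, otherwise option 2.ii. */
int build_cache_path(const char *root, const char *dim, int use_map,
                     char *out, size_t n) {
    const char *rel;
    if (dim == NULL) return -1;
    rel = use_map ? dim_lookup(dim) : (dim_value_is_safe(dim) ? dim : NULL);
    if (rel == NULL) return -1;
    int w = snprintf(out, n, "%s/%s", root, rel);
    return (w < 0 || (size_t)w >= n) ? -1 : 0;
}

int main(void) {
    const char *reqs[] = { "2019", "foo#bar#baz", "../../etc/passwd", "a/b" };
    char path[256];
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        for (int m = 0; m <= 1; m++)
            printf("%-18s %s -> %s\n", reqs[i], m ? "map   " : "filter",
                   build_cache_path("/path/to", reqs[i], m, path, sizeof path)
                       ? "rejected" : path);
    return 0;
}
```

With the map, the request value never reaches the file system path at all, so an unknown keyword is rejected regardless of the characters it contains.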