[mapserver-dev] Version 8.0, more opt in and less opt out...
Jeff McKenna
jmckenna at gatewaygeomatics.com
Mon May 17 13:56:02 PDT 2021
Hi Steve,
How does your 'opt-in' thoughts impact the proposed config file for 8.0?
(https://github.com/sdlime/mapserver/wiki/MapServer-8.0-Config-File)
Put another way: I believe that the methods that you mention below are
very confusing/difficult for users, and I'm wondering if we can instead
make this simpler for users.
-jeff
On 2021-05-17 2:58 p.m., Steve Lime wrote:
> Hi all: MapServer has a number of ways to enable/disable CGI-based
> functionality. For example the /ows_enable_request/ metadata (RFC 67),
> the /ms_enable_modes/ metadata (RFC 90) or the immutable validation
> value associated with runtime changes (RFC 44). The latter doesn't seem
> to be particularly well documented so folks probably don't know it's
> possible. Of these methods, only ows_enable_request requires users to
> opt in - you have to explicitly allow OWS services. The other methods
> require users to opt out. I think we should think about changing that in
> 8.0 and require explicit configuration by default, so:
>
> 1. Require /ms_enable_modes/ be set before handling native MapServer
> CGI requests or at least set a more limited default than all modes.
> 2. Consider objects as immutable by default and require users to
> explicitly configure that at the object-level by adding. Would
> probably need to extend the VALIDATION block to a few other objects
> such as scalebars, reference maps and legends. The necessary changes
> are otherwise not extensive.
>
> Note that I consider run-time substitutions as already being explicit
> since 1) validation is required and 2) users must denote substitution
> strings as appropriate. Thoughts?
>
> --Steve
>
>
>
> _______________________________________________
> mapserver-dev mailing list
> mapserver-dev at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapserver-dev
>
--
Jeff McKenna
GatewayGeo: Developers of MS4W, MapServer Consulting and Training
co-founder of FOSS4G
http://gatewaygeo.com/
More information about the mapserver-dev
mailing list