[mapserver-dev] Version 8.0, more opt in and less opt out...

Jeff McKenna jmckenna at gatewaygeomatics.com
Mon May 17 13:56:02 PDT 2021

Hi Steve,

How does your 'opt-in' thoughts impact the proposed config file for 8.0? 
Put another way: I believe that the methods that you mention below are 
very confusing/difficult for users, and I'm wondering if we can instead 
make this simpler for users.


On 2021-05-17 2:58 p.m., Steve Lime wrote:
> Hi all: MapServer has a number of ways to enable/disable CGI-based 
> functionality. For example the /ows_enable_request/ metadata (RFC 67), 
> the /ms_enable_modes/ metadata (RFC 90) or the immutable validation 
> value associated with runtime changes (RFC 44). The latter doesn't seem 
> to be particularly well documented so folks probably don't know it's 
> possible. Of these methods, only ows_enable_request requires users to 
> opt in - you have to explicitly allow OWS services. The other methods 
> require users to opt out. I think we should think about changing that in 
> 8.0 and require explicit configuration by default, so:
>  1. Require /ms_enable_modes/ be set before handling native MapServer
>     CGI requests or at least set a more limited default than all modes.
>  2. Consider objects as immutable by default and require users to
>     explicitly configure that at the object-level by adding. Would
>     probably need to extend the VALIDATION block to a few other objects
>     such as scalebars, reference maps and legends. The necessary changes
>     are otherwise not extensive.
> Note that I consider run-time substitutions as already being explicit 
> since 1) validation is required and 2) users must denote substitution 
> strings as appropriate. Thoughts?
> --Steve
> _______________________________________________
> mapserver-dev mailing list
> mapserver-dev at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapserver-dev

Jeff McKenna
GatewayGeo: Developers of MS4W, MapServer Consulting and Training
co-founder of FOSS4G

More information about the mapserver-dev mailing list