[mapserver-dev] Version 8.0, more opt in and less opt out...

Steve Lime sdlime at gmail.com
Tue May 18 05:04:36 PDT 2021


See my last response to Even... In terms of the config file I think we
could consider things like setting a global value for ms_enable_modes. I
can see that being helpful for admins as a way to, for example, turn off
traditional CGI processing site-wide.

On Mon, May 17, 2021 at 3:56 PM Jeff McKenna <jmckenna at gatewaygeomatics.com>
wrote:

> Hi Steve,
>
> How does your 'opt-in' thoughts impact the proposed config file for 8.0?
> (https://github.com/sdlime/mapserver/wiki/MapServer-8.0-Config-File)
> Put another way: I believe that the methods that you mention below are
> very confusing/difficult for users, and I'm wondering if we can instead
> make this simpler for users.
>
> -jeff
>
>
>
> On 2021-05-17 2:58 p.m., Steve Lime wrote:
> > Hi all: MapServer has a number of ways to enable/disable CGI-based
> > functionality. For example the /ows_enable_request/ metadata (RFC 67),
> > the /ms_enable_modes/ metadata (RFC 90) or the immutable validation
> > value associated with runtime changes (RFC 44). The latter doesn't seem
> > to be particularly well documented so folks probably don't know it's
> > possible. Of these methods, only ows_enable_request requires users to
> > opt in - you have to explicitly allow OWS services. The other methods
> > require users to opt out. I think we should think about changing that in
> > 8.0 and require explicit configuration by default, so:
> >
> >  1. Require /ms_enable_modes/ be set before handling native MapServer
> >     CGI requests or at least set a more limited default than all modes.
> >  2. Consider objects as immutable by default and require users to
> >     explicitly configure that at the object-level by adding. Would
> >     probably need to extend the VALIDATION block to a few other objects
> >     such as scalebars, reference maps and legends. The necessary changes
> >     are otherwise not extensive.
> >
> > Note that I consider run-time substitutions as already being explicit
> > since 1) validation is required and 2) users must denote substitution
> > strings as appropriate. Thoughts?
> >
> > --Steve
> >
> >
> >
> > _______________________________________________
> > mapserver-dev mailing list
> > mapserver-dev at lists.osgeo.org
> > https://lists.osgeo.org/mailman/listinfo/mapserver-dev
> >
>
>
> --
> Jeff McKenna
> GatewayGeo: Developers of MS4W, MapServer Consulting and Training
> co-founder of FOSS4G
> http://gatewaygeo.com/
> _______________________________________________
> mapserver-dev mailing list
> mapserver-dev at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/mapserver-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-dev/attachments/20210518/21b0bc3a/attachment.html>


More information about the mapserver-dev mailing list