[mapserver-dev] Version 8.0, more opt in and less opt out...
Steve Lime
sdlime at gmail.com
Wed Oct 13 08:29:34 PDT 2021
I have a branch started that adds this functionality (currently for just a
scalebar) at https://github.com/sdlime/mapserver/tree/urlupdate. It's
essentially what I mentioned back in June (time flies). It adds a new
attribute called URLUPDATE (more descriptive) that would specify properties
that can be updated. The default would be nothing so users would explicitly
have to choose what is allowed (from an already limited subset).
SCALEBAR
...
URLUPDATE "UNITS|SIZE"
END
We would apply the same approach to all relevant objects. So by default no
updates would be allowed. I can create a WIP pull request later today...
--Steve
On Mon, Jun 14, 2021 at 9:46 AM Steve Lime <sdlime at gmail.com> wrote:
> Thinking about this, I'd guess I'd propose adding a mutable parameter to
> structures that support runtime updates. It wouldn't be a boolean but
> rather a string. Default would be NULL so everything is immutable by
> default. If a value is present the value would be interpreted as a
> case-insensitive regex against the allowed attributes. So, for example you
> could have:
>
> SCALEBAR
> ...
> MUTABLE "UNITS"
> END
>
> So, in this case the units of scalebar could be changed via the syntax
> given in RFC 44 but nothing else.
>
> --Steve
>
> On Tue, May 18, 2021 at 8:51 AM Steve Lime <sdlime at gmail.com> wrote:
>
>> Thanks for the explanation Dan! FWIW I can work up a pull request to
>> illustrate what I was thinking by adding a mutable parameter... I think
>> that can be a simple, easy to understand and explicit approach. --Steve
>>
>> On Tue, May 18, 2021 at 8:47 AM Daniel Morissette <
>> dmorissette at mapgears.com> wrote:
>>
>>> FYI mode=OWS was added to deal with OGC compliance testing which
>>> requires the server to produce an exception in some cases if the
>>> SERVICE/REQUEST parameters are missing... and since MapServer falls back
>>> on the CGI mode by default if SERVICE/REQUESTS are not present then the
>>> only way we could imagine to produce that exception and be compliant was
>>> to add a mode=OWS vendor-specific param in the onlineresource. More
>>> info here:
>>>
>>> https://github.com/MapServer/MapServer/issues/2512
>>>
>>> and
>>>
>>> https://github.com/MapServer/MapServer/issues/2531
>>>
>>>
>>> P.S. I'm following this thread and think it may be a good idea to have
>>> "more opt in and less opt out" for security reasons as long as the
>>> mechanism to handle this is clear and easy to understand, but I don't
>>> have a strong opinion on the proposed changes, that's why I'm staying
>>> quiet.
>>>
>>> --
>>> Daniel Morissette
>>> Mapgears Inc
>>> T: +1 418-696-5056 #201
>>> _______________________________________________
>>> mapserver-dev mailing list
>>> mapserver-dev at lists.osgeo.org
>>> https://lists.osgeo.org/mailman/listinfo/mapserver-dev
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-dev/attachments/20211013/607adcfb/attachment-0001.html>
More information about the MapServer-dev
mailing list