[mapserver-users] Map server security issue

Ed McNierney ed at topozone.com
Thu Oct 25 12:23:45 PDT 2001


John -

MapServer is a CGI application and has no special "security issues"
associated with it.  As part of its execution it creates temporary image
files which are then read by client browsers.  From a security
perspective, Web browser users must have the following access rights:

The right to execute the MapServer CGI binary
The right to read the MapServer MAP definition file(s)
The right to read the shapefiles, raster images, etc. used to create a
MapServer map
The right to write output map images to a temporary directory
The right to read those images from that temporary directory

There's nothing special here - nothing unusual.  If you can tell us what
operating system you're running MapServer on, and whether this is to be
run on a Web site that's open to the public (anonymous users) or whether
it's on a secure Intranet system, we can probably give you more tips.

	- Ed

Ed McNierney
Chief Mapmaker
TopoZone.com
ed at topozone.com
(978) 251-4242


-----Original Message-----
From: John Qu [mailto:jqu at eosdata.gsfc.nasa.gov]
Sent: Thursday, October 25, 2001 2:31 PM
To: mapserver-users at lists.gis.umn.edu
Subject: [mapserver-users] Map server security issue 


Hi Folks:

Does anyone know map server security issue  ? We just installed the
MapServer on our system. We would need  a fairly detailed report on
any security issues of a from-scratch server-based application.

Thanks !

John Qu

NASA/GSFC/DISC







More information about the MapServer-users mailing list