[mapserver-users] Map server security issue

klehr1 at tampabay.rr.com klehr1 at tampabay.rr.com
Thu Oct 25 18:10:25 EDT 2001 

Ed & John:

Hi- I had the same questions.

I put my shape files, html templates, and the .map files all in a location
readable by the web server unix user (apache - webuser is the user running
on my server).  i.e. /usr/maps/project

Only the generated gifs are in a location that is referencable via a web
server.  /var/www/html/mapimpages  (http://domain/mapimpages/generated.gif)

The web server can access the shape, maps, and template files during
creation, the client browsers can only access the gifs generated by
mapserver script.

This way the web users can not grab my shapefile or my map files (the
intellectual property).

All the best
Steve Lehr

----- Original Message -----
From: Ed McNierney <ed at topozone.com>
To: John Qu <jqu at eosdata.gsfc.nasa.gov>; <mapserver-users at lists.gis.umn.edu>
Sent: Thursday, October 25, 2001 3:23 PM
Subject: RE: [mapserver-users] Map server security issue


> John -
>
> MapServer is a CGI application and has no special "security issues"
> associated with it.  As part of its execution it creates temporary image
> files which are then read by client browsers.  From a security
> perspective, Web browser users must have the following access rights:
>
> The right to execute the MapServer CGI binary
> The right to read the MapServer MAP definition file(s)
> The right to read the shapefiles, raster images, etc. used to create a
> MapServer map
> The right to write output map images to a temporary directory
> The right to read those images from that temporary directory
>
> There's nothing special here - nothing unusual.  If you can tell us what
> operating system you're running MapServer on, and whether this is to be
> run on a Web site that's open to the public (anonymous users) or whether
> it's on a secure Intranet system, we can probably give you more tips.
>
> - Ed
>
> Ed McNierney
> Chief Mapmaker
> TopoZone.com
> ed at topozone.com
> (978) 251-4242
>
>
> -----Original Message-----
> From: John Qu [mailto:jqu at eosdata.gsfc.nasa.gov]
> Sent: Thursday, October 25, 2001 2:31 PM
> To: mapserver-users at lists.gis.umn.edu
> Subject: [mapserver-users] Map server security issue
>
>
> Hi Folks:
>
> Does anyone know map server security issue  ? We just installed the
> MapServer on our system. We would need  a fairly detailed report on
> any security issues of a from-scratch server-based application.
>
> Thanks !
>
> John Qu
>
> NASA/GSFC/DISC
>
>
>
>
>

More information about the mapserver-users mailing list