[Mapserver-users] Mapserver Security Issues
Martin, Daniel A
Daniel.A.Martin at erac.com
Tue Jan 20 11:46:54 EST 2004
Your data directory has no business inside wwwroot. In fact, you should
have almost nothing inside wwwroot, including all of your templates, map
files, and data.
The only exceptions are:
-mapserver cgi itself
-rosa or mapplet if you use them
-init pages that set up your variables for specific mapping application
-the no-records query page, that (from my experience) must be available
directly as a URL
If you don't follow this guideline, it is very easy for someone to get
at your MapServer code (templates, map files, data, etc.). And there is
absolutely no benefit to placing anything other than those things I
mention into wwwroot.
-Dan
> -----Original Message-----
> From: mapserver-users-admin at lists.gis.umn.edu
> [mailto:mapserver-users-admin at lists.gis.umn.edu] On Behalf Of
> Michael Smith
> Sent: Tuesday, January 20, 2004 10:10 AM
> To: mapserver-users at lists.gis.umn.edu
> Subject: [Mapserver-users] Mapserver Security Issues
>
>
> Hi all,
>
> I plan on running Mapserver on a Windows 2003 Server running
> IIS 6. What security issues should be considered for running
> Mapserver since I assume many of you are currently hosting
> Mapserver on your webs. Does anyone have and suggestions,
> considerations, or web sites with any info on this?
>
> One issue my IT dept. suggested was housing my "data"
> directory outside of my IIS wwwroot folder...is this a
> security concern?
>
> Michael Smith, Planner II
> City of San Angelo
> Planning & Development
> 325.657.4210 Fax: 325.481.2648
> Email: msmith at sanangelompo.org
>
> _______________________________________________
> Mapserver-users mailing list
> Mapserver-users at lists.gis.umn.edu
> http://lists.gis.umn.edu/mailman/listinfo/maps> erver-users
>
More information about the mapserver-users
mailing list