Applying security to individual layers or classes

[Jacob Delfos]

Hi All,

Lately we have had a few scenarios where we need to limit the level of information for particular users. In one instance, we even had to set up over 20 different levels of access. So far I used server-side scripting, or created separate mapfiles. But this is not flexible, and can get very complex (especially with querying using chameleon).

I thought it could be very useful to have a "security" attribute in classes and layers. You could imagine this as a layer or a class simply being ignored when the mapobject is built. Or perhaps a temporary copy of the mapfile is created, stripped of all objects that don't satisfy the security-level. The security attribute could be a delimited list of the users that are allowed to view the information. The username could be picked up from the web-server (in PHP I use the REDIRECT_REMOTE_USER server-variable in Apache 2.52; this would allow a nice integration with existing security mechanisms).  I thought this would be a very convenient and flexible way to have different levels of access. Of course the original mapfile can not be publically accessable when security is applied.

Does anyone have any other approach to applying different levels of security? I'd be very happy to hear about other solutions.

regards,

Jacob



JACOB DELFOS
SPATIAL INFORMATION ANALYST
Maunsell Australia Pty Ltd
629 Newcastle Street, WA 6007
PO Box 81, WA 6902
Leederville 
Western Australia
ABN 20 093 846 925

Tel     + 61 8 9281 6185
Fax    + 61 8 9281 6297
jacob.delfos at maunsell.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.osgeo.org/pipermail/mapserver-users/attachments/20041129/1a3233b8/attachment.html