Applying security to individual layers or classes

Blammo bob.basques at CI.STPAUL.MN.US
Sun Nov 28 19:14:05 EST 2004


All,

I've had some thoughts centered around this as well.

I've personally been leaning towards a database solution, wherein the
Layers are defined separately as records in a DB and read into a
semi-dynamic MAPFILE from the database based on Login.

The end product would be CGI based, with the operation MAPFILE being
built on the fly.  Another reason this is an attractive idea is that we
have separate Mapfiles now for each Layer and use DHTML to bring things
together at the client by stacking Backgrounds and overlays.  The
MapFiles are also administered by the individual data custodians.

This is only an idea at this point, but it seems like a logical approach
to the security issue.   The Template mapfile can then be set up with
the basic (unsecured) layers and the secure layers can be added in at
will via a simple DB call based on login.

bobb


Jacob Delfos wrote:

>Hi All,
>
>Lately we have had a few scenarios where we need to limit the level of
>information for particular users. In one instance, we even had to set up
>over 20 different levels of access. So far I used server-side scripting,
>or created separate mapfiles. But this is not flexible, and can get very
>complex (especially with querying using chameleon).
>
>I thought it could be very useful to have a "security" attribute in
>classes and layers. You could imagine this as a layer or a class simply
>being ignored when the mapobject is built. Or perhaps a temporary copy
>of the mapfile is created, stripped of all objects that don't satisfy
>the security-level. The security attribute could be a delimited list of
>the users that are allowed to view the information. The username could
>be picked up from the web-server (in PHP I use the REDIRECT_REMOTE_USER
>server-variable in Apache 2.52; this would allow a nice integration with
>existing security mechanisms).  I thought this would be a very
>convenient and flexible way to have different levels of access. Of
>course the original mapfile cannot be publicly accessible when
>security is applied.
>
>Does anyone have any other approach to applying different levels of
>security? I'd be very happy to hear about other solutions.
>
>regards,
>
>Jacob
>
>
>
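
An added example, not part of the original messages and not MapServer code: a sketch in Python of the database-driven approach described in the reply above, where a template mapfile holds the unsecured layers and per-login layers are spliced in from a database. The table names, the `#SECURE_LAYERS#` marker, the layer definitions and the logins are all constructed assumptions; the login is assumed to be the web server's authenticated user, never a request parameter.

```python
import sqlite3

# Constructed template: unsecured base layers only. The marker is a mapfile
# comment (assumed name) showing where per-login layers are spliced in.
TEMPLATE = """MAP
  NAME "city"
  LAYER
    NAME "streets"
    TYPE LINE
    DATA "streets"
  END
  #SECURE_LAYERS#
END
"""

def layer(name, kind):
    """Build a constructed LAYER block as a data custodian might store it."""
    return f'  LAYER\n    NAME "{name}"\n    TYPE {kind}\n    DATA "{name}"\n  END'

def open_db():
    """In-memory stand-in for the layer database (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE layers (name TEXT PRIMARY KEY, body TEXT NOT NULL);
        CREATE TABLE layer_acl (layer TEXT NOT NULL, login TEXT NOT NULL);
    """)
    db.executemany("INSERT INTO layers VALUES (?, ?)", [
        ("parcels_owner", layer("parcels_owner", "POLYGON")),
        ("water_valves", layer("water_valves", "POINT")),
    ])
    db.executemany("INSERT INTO layer_acl VALUES (?, ?)", [
        ("parcels_owner", "alice"), ("water_valves", "alice"),
        ("water_valves", "bob"),
    ])
    return db

def build_mapfile(db, login):
    """Return mapfile text: base layers plus the layers granted to login."""
    rows = []
    if login:  # no authenticated user means base layers only (fail closed)
        # Bound parameter: the login is never concatenated into the SQL.
        rows = db.execute(
            "SELECT l.body FROM layers l JOIN layer_acl a ON a.layer = l.name "
            "WHERE a.login = ? ORDER BY l.name", (login,)).fetchall()
    secure = "\n".join(body for (body,) in rows)
    return TEMPLATE.replace("  #SECURE_LAYERS#\n", secure + "\n" if secure else "")
```

The generated text would be written to a per-request file outside the web root, so neither it nor the template can be fetched directly.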


