Hiding/encrypting password for PostGIS connection

David Bitner osgis.lists at GMAIL.COM
Fri Jun 24 07:22:20 PDT 2005


I'm not sure about hiding the login information.  
To increase security:
- create a PostgreSQL user with read only access to just the tables
you are using for display

- make sure that your mapfile resides beneath you web document root so
that nobody can get your login information by reading the mapfile
directly

On 6/24/05, Sebastian Albrecht <albrecht at fielax.de> wrote:
> Hello,
> 
> is it possible to hide/encrypt the password given in the CONNECTION
> string of the map file or to pass it from PHP/Mapscript as an
> encrypted string?
> 
> CONNECTIONTYPE postgis
> CONNECTION "USER=dbuser PASSWORD=dbpassword DBNAME=dbname HOST="
> 
> Regards,
> Sebastian
>



More information about the MapServer-users mailing list