Authentication?
Steve Wormley
steve at WORMLEY.COM
Mon Oct 31 13:38:02 PST 2005
Currently I have a perl wrapper script which does the authentication and
some various CGI parameter checks for characters I don't want for SQL
queries.
If it all passes I just:
exec "/path/to/real/mapserv.cgi";
At the end of the script.
(This is for a GET request, not a POST so the environment variables persist
and I don't have to re-post data into the executed cgi.)
-Steve Wormley
On 2005-10-31 13:19, "Steven Monai" <stevem at SPATIALMAPPING.COM> wrote:
> Patrick:
>
> To my knowledge, there is no "out of the box" authentication system for
> MapServer, so it's up to individual applications to implement it.
>
> I have put an "enhancement" request into Bugzilla for simple MAP-level
> authentication for MapServer CGI:
> http://mapserver.gis.umn.edu/bugs/show_bug.cgi?id=1512
>
> Of course, there's no guarantee that anyone's actually going to implement
> it!
>
> Since MapServer doesn't (yet) have this feature, you can still configure
> your web server to protect the MapServer CGI program itself, with Basic
> Authentication (for example). This would force all users of the MapServer
> CGI to provide valid credentials on every request, regardless of the map
> file specified. This could be acceptable if yours is the only application
> on the server that uses MapServer.
>
> Another alternative is to implement a CGI "wrapper" that does the
> authentication checks before passing valid requests along to MapServer.
> Incoming requests to the MapServer CGI that do not come through the wrapper
> would have to be rejected, but I'm not sure how this would be accomplished.
> Perhaps the wrapper would set an environment variable that the web server
> uses in a conditional statement that allows or denies access to the
> MapServer CGI, depending on the existence of the variable.
>
> I hope this gave you some ideas.
>
> Regards,
> -SM
> --
>
>
>
> On Mon, 31 Oct 2005 13:23:41 +0800, Patrick Kosiol <patrick.kosiol at GMX.DE>
> wrote:
>
>> Hi,
>>
>> are there any user/password authentication integrations for mapserver
>> implemented somewhere?
>>
>>
>> Regards,
>>
>> Patrick
More information about the MapServer-users
mailing list