MapServer & PostGIS Security
Bill Thoen
bthoen at GISNET.COM
Fri Dec 22 18:47:34 EST 2006
I've just recently got MapServer going with data from a PostGIS connection
and I'd like to know what the "best practices" are in terms of security.
The problem I see is that you have to put a PostGIS username and password
in your mapfile on the CONNECTION line, which is easily viewed by anyone.
So what I've done is moved my mapfile out of the html directory tree and
am also using a user with read-only privs to the tables I want to display
and access to nothing else. But what do people who know what they're doing
do to ensure that there are no security holes?
TIA,
- Bill Thoen
More information about the mapserver-users
mailing list