MapServer & PostGIS Security

Umberto Nicoletti umberto.nicoletti at GMAIL.COM
Sun Dec 24 08:12:19 PST 2006


Mapserver implements encryption of username and password in mapfile, see:
http://mapserver.gis.umn.edu/development/rfc/ms-rfc-18/

Umberto

On 12/23/06, Bill Thoen <bthoen at gisnet.com> wrote:
> I've just recently got MapServer going with data from a PostGIS connection
> and I'd like to know what the "best practices" are in terms of security.
> The problem I see is that you have to put a PostGIS username and password
> in your mapfile on the CONNECTION line, which is easily viewed by anyone.
>
> So what I've done is moved my mapfile out of the html directory tree and
> am also using a user with read-only privs to the tables I want to display
> and access to nothing else. But what do people who know what they're doing
> do to ensure that there are no security holes?
>
> TIA,
>
> - Bill Thoen
>



More information about the MapServer-users mailing list