MapServer & PostGIS Security
Umberto Nicoletti
umberto.nicoletti at GMAIL.COM
Sun Dec 24 11:12:19 EST 2006
Mapserver implements encryption of username and password in mapfile, see:
http://mapserver.gis.umn.edu/development/rfc/ms-rfc-18/
Umberto
On 12/23/06, Bill Thoen <bthoen at gisnet.com> wrote:
> I've just recently got MapServer going with data from a PostGIS connection
> and I'd like to know what the "best practices" are in terms of security.
> The problem I see is that you have to put a PostGIS username and password
> in your mapfile on the CONNECTION line, which is easily viewed by anyone.
>
> So what I've done is moved my mapfile out of the html directory tree and
> am also using a user with read-only privs to the tables I want to display
> and access to nothing else. But what do people who know what they're doing
> do to ensure that there are no security holes?
>
> TIA,
>
> - Bill Thoen
>
More information about the mapserver-users
mailing list