[mapserver-users] MapServer .map file security question
Basques, Bob (CI-StPaul)
bob.basques at ci.stpaul.mn.us
Tue Feb 19 08:16:58 PST 2013
We do some stuff with Apache re-write rules for specially named files. Only certain naming conventions can be seen on the outside. This leaves the permissions aspects up the data owners to administer.
Bobb
>> -----Original Message-----
>> From: mapserver-users-bounces at lists.osgeo.org [mailto:mapserver-
>> users-bounces at lists.osgeo.org] On Behalf Of Mark Volz
>> Sent: Tuesday, February 19, 2013 9:45 AM
>> To: mapserver-users at lists.osgeo.org
>> Subject: [mapserver-users] MapServer .map file security question
>>
>> Hi,
>>
>> I have a server that I would like to run both internal and
>> external applications on it. I know I can use apache to limit
>> who can access internal web pages. However, is there any
>> mechanism to stop an external user from drawing an internal
>> actual .map file? For example, what would stop someone from
>> changing the requested map from: http://myserver/cgi-
>> bin/mapserv.exe?map=External.map. To: http://myserver/cgi-
>> bin/mapserv.exe?map=Internal.map.
>>
>> I could see this as an issue if I want to enable wms.
>>
>> Thanks
>>
>> Mark Volz
>> GIS Specialist
>>
>>
>> _______________________________________________
>> mapserver-users mailing list
>> mapserver-users at lists.osgeo.org
>> http://lists.osgeo.org/mailman/listinfo/mapserver-users
More information about the mapserver-users
mailing list