[mapserver-users] MapServer .map file security question
Martin Kofahl
martin.kofahl at gmail.com
Tue Feb 19 10:53:50 PST 2013
Hello,
with Apache you can set MS_MAPFILE pointing to the desired mapfile and
MS_MAP_NO_PATH in order to disallow overriding it with &map= in the url.
Using this, you even don't have to use &map= at all.
Kind regards,
Martin
2013/2/19 Mark Volz <MarkVolz at co.lyon.mn.us>
> Hi,
>
> I have a server that I would like to run both internal and external
> applications on it. I know I can use apache to limit who can access
> internal web pages. However, is there any mechanism to stop an external
> user from drawing an internal actual .map file? For example, what would
> stop someone from changing the requested map from:
> http://myserver/cgi-bin/mapserv.exe?map=External.map. To:
> http://myserver/cgi-bin/mapserv.exe?map=Internal.map.
>
> I could see this as an issue if I want to enable wms.
>
> Thanks
>
> Mark Volz
> GIS Specialist
>
>
> _______________________________________________
> mapserver-users mailing list
> mapserver-users at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapserver-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/mapserver-users/attachments/20130219/c20a797d/attachment.htm>
More information about the MapServer-users
mailing list