[mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes

Siki Zoltan siki at agt.bme.hu
Tue Jan 7 03:29:55 PST 2014


Dear Stefan,

you can create one wrapper script for each maps file
or you can ask only the name (without path) of the map file and your 
wrapper adds the path to the name.

Regards,
Zoltan

On Tue, 7 Jan 2014, Stefan Schwarzer wrote:

> Thanks for all the valuable help!
>
> If I place the .MAP file somewhere where only the system can read it, the request looks a bit awkward: ?.map=/home/include/mapfiles/my_map.map&?.
>
> Would there a possibility to juste use ?map=my_map&? and have the path then get added/understood by some internal configuration (mod_rewrite perhaps?)?
>
> For the Wrapper, I don't really understand how that one would work. I have multiple .MAP files. And they need to by WMS-compliant. If I understand correctly, the URL would call the script: http://my_url.org/my_script, right? Hmmmm...
>
> It says:
>
> 	#!/bin/sh
> 	MAPSERV="/path/to/my/mapserv"
> 	MS_MAPFILE="/path/to/my/mapfile.map" exec ${MAPSERV}
>
> Thanks for any help!
>
> Stefan
>
>
>
> On 06.01.2014, at 11:03, Siki Zoltan wrote:
>
>> Hi Stefan,
>>
>> you should hide your map file using a wrapper script on the server side.
>> See http://mapserver.org/cgi/wrapper.html
>> You can find some other methods at http://mapserver.org/ogc/wms_server.html
>> look for "Changing the Online Resource URL"
>>
>> Regards,
>> Zoltan
>>
>> On Mon, 6 Jan 2014, Stefan Schwarzer wrote:
>>
>>> Hi there,
>>>
>>> I am wondering how to deal with the CONNECTION information in the .MAP which is used for WMS requests. As the .MAP file must be visible and is readable, the CONNECTION information for my database is readable too.
>>>
>>> 	    # Layers definition ---------------------
>>> 	    LAYER
>>> 	        NAME wilderness_areas_po
>>> 			METADATA
>>> 				'wcs_label'           'Wilderness Areas'
>>> 				'wcs_rangeset_name'   'test'
>>> 				'wcs_rangeset_label'  'test label'
>>> 			END
>>> 	        TYPE RASTER
>>> 	        STATUS OFF
>>> 	        DATA wilderness_areas_po
>>> 	        CONNECTIONTYPE postgis
>>> 	        CONNECTION 'user=my_username password=my_password dbname=my_database'
>>> 	        PROJECTION
>>> 	            'init=epsg:4326'
>>> 	        END
>>> 		END
>>>
>>>
>>> Either I would then need to create a very simple user for that case which really only can read the data, or I should hide the file in a directory which is not readable by a webuser. But I guess that Mapserver wouldn't like that.
>>>
>>> What are your recommendations?
>>>
>>> Thanks for any hints.
>>>
>>> Stefan
>>> _______________________________________________
>>> mapserver-users mailing list
>>> mapserver-users at lists.osgeo.org
>>> http://lists.osgeo.org/mailman/listinfo/mapserver-users
>>>
>
>



More information about the MapServer-users mailing list