[OpenLayers-Users] secure WMS and WFS
Christopher Schmidt
crschmidt at metacarta.com
Wed Feb 14 09:02:26 EST 2007
On Wed, Feb 14, 2007 at 11:03:23AM +0100, Eric Lemoine wrote:
> Hi there!
>
> Does anyone have experience with securing access to WMS and WFS
> layers? Say, in the same way it's done in google maps, with a key
> associated with some directory of one's website.
Eric --
I've done a variety of different things, each depending on the:
* Level of security you need
* Level of hassle your users can go through
Assuming that you're not trying to *protect* your WMS data -- that is,
assuming that it's public information -- what you want to do is limit
the use of it. Note that Google does not do this at the tile level:
instead, tiles are open for anyone to see, and they use legal means to
track down and stop anyone using the tiles outside their mapping div.
If the information is public, then the best way to do it is probably to
implement a mechanism whereby a temporary token can be granted. That
token is then set as a parameter on the layer, and is checked before
the WMS image is returned. This can be done using an authentication
handler in Apache, or a wrapper script around your WMS server.
If your information is not public, then you need to set up actual user
authentication. This is actually really simple (again, in Apache) --
simply set up Basic Authentication around the location where the WMS is
served, and the browser will require users to login (via a popup-like
box, see http://developers.metacarta.com/account/) before the tiles will
be displayed.
It all depends on your needs, and your setup.
I've implemented both of these types of access for the MetaCarta Web
Services (http://developers.metacarta.com/) and would be glad to advise
on specific questions if you have any.
Regards,
--
Christopher Schmidt
MetaCarta
More information about the Users
mailing list