[OpenLayers-Users] secure WMS and WFS

Eric Lemoine eric.lemoine at gmail.com
Wed Feb 14 12:39:10 EST 2007


Christopher,

On 2/14/07, Christopher Schmidt <crschmidt at metacarta.com> wrote:
> On Wed, Feb 14, 2007 at 11:03:23AM +0100, Eric Lemoine wrote:
> > Hi there!
> >
> > Does anyone have experience with securing access to WMS and WFS
> > layers? Say, in the same way it's done in google maps, with a key
> > associated with some directory of one's website.
>
> Eric --
>
> I've done a variety of different things, each depending on the:
>  * Level of security you need
>  * Level of hassle your users can go through
>
> Assuming that you're not trying to *protect* your WMS data -- that is,
> assuming that it's public information -- what you want to do is limit
> the use of it. Note that Google does not do this at the tile level:
> instead, tiles are open for anyone to see, and they use legal means to
> track down and stop anyone using the tiles outside their mapping div.
>
> If the information is public, then the best way to do it is probably to
> implement a mechanism whereby a temporary token can be granted. That
> token is then set as a parameter on the layer, and is  checked before
> the WMS image is returned. This can be done using an authentication
> handler in Apache, or a wrapper script around your WMS server.
>
> If your information is not public, then you need to set up actual user
> authentication. This is actually really simple (again, in Apache) --
> simply set up Basic Authentication around the location where the WMS is
> served, and the browser will require users to login (via a popup-like
> box, see http://developers.metacarta.com/account/) before the tiles will
> be displayed.

Two things regarding that solution:

(1) To me if the information isn't public one needs to encrypt that
information. Authentication isn't sufficient.

(2) For that solution to work the actual WMS server needs to support
authentication. From what I've read so far, neither geoserver nor
mapserver support it.

Thanks,


-- 
Eric



More information about the Users mailing list