[OpenLayers-Users] Control access to WMS

Steve.Toutant at inspq.qc.ca Steve.Toutant at inspq.qc.ca
Wed Oct 14 15:54:04 EDT 2009


Thanks Robert,
Interesting.
If someone is using a client such as gaia or qgis, can he access the 
layers only by entering "http://10.64.20.120/cgi-bin/gsswms.exe?" as the 
URL
Or if we do a getMap request, what happen?

I tried, but maybe it is not a public site
Steve

Steve Toutant, M. Sc.
Analyste en géomatique
Secteur environnement
Direction des risques biologiques, environnementaux et occupationnels
Institut national de santé publique du Québec
945, avenue Wolfe
Québec, Qc G1V 5B3 
Tél.: (418) 650-5115 #5281
Fax.: (418) 654-3144
steve.toutant at inspq.qc.ca
http://www.inspq.qc.ca
 




"Robert Sanson" <SansonR at asurequality.com>@openlayers.org 
Envoyé par : users-bounces at openlayers.org
14/10/2009 03:34 PM

A
<Steve.Toutant at inspq.qc.ca>, "Daniel Morissette" 
<dmorissette at mapgears.com>, <users-bounces at openlayers.org>
cc
users at openlayers.org
Objet
Re: [OpenLayers-Users] Control access to WMS








I have made copies of mapserv.exe in my cgi-bin to other names such as 
gsswms.exe. I then have a line at the bottom of httpd.conf:
 
SetEnvIf Request_URI "/cgi-bin/gsswms.exe?" 
MS_MAPFILE=/ms4w/apps/service/nztm.map
 
So I then use a layer definition for OL such as :
 
var topowms = new OpenLayers.Layer.WMS( "Topos",
                         "http://10.64.20.120/cgi-bin/gsswms.exe?",
                          {layers: 
['nzislands','nznoaa','nz1mtm','nz250ktm','ci250k','nz50ktm','ci50kcitm'], 
transparent: 'true',format: "image/png"},
                          {singleTile: true, isBaseLayer: false, 
minResolution: 2000, visibility: false} );
 
regards,
 
Robert Sanson

>>> <Steve.Toutant at inspq.qc.ca> 15/10/2009 2:53 a.m. >>>

Thanks all for your help, 
I'll have in a near future to implement a fully secured private site since 
I'm gonna have to publish VERY sensible data via WMS. I can tell that this 
issue scares the IT group. Story to follow... 
But for now, obscurity is sufficient. 

I'm a bit in obscurity myself regardin http_referer...I need to know more 
about the mechanic... 
It's not clear what I should do in the mapfile and in my OpenLayers code? 

I added Daniel's code in Apache conf. 

"Then your WMS requests should refer to the mapfile using "map=MYMAP" 
instead of a full path. If the referrer is not valid, then MYMAP will 
not be set and MapServer will spit out an error."

Do I need to use the MYMAP environment variabble in the mapfile or in OL 
code, or both? 

I'm using OpenLayers to create a WMS layer with new 
OpenLayers.Layer.WMS(name, url, params, options); 
Instead of the path of the mapfile should I use MYMAP (Environment 
variable MYMAP defined in the conf of Apache). If so, Is there some magic 
there to get the environment variable value? Should I get it with some php 
code? 

Thanks 
Steve 






Daniel Morissette <dmorissette at mapgears.com>@openlayers.org 
Envoyé par : users-bounces at openlayers.org 
13/10/2009 02:56 PM 


A
users at openlayers.org 
cc

Objet
Re: [OpenLayers-Users] Control access to WMS










Christopher Schmidt wrote:
> 
> If you care about people 'stumbling in', this would be sufficient. If 
you
> actually want to ensure people can't use the data outside of your app,
> it's not.
> 
[...]
> 
> Yeah, something like that is what I would probably do if I wanted 
something
> taht was obscurity and not security. :)
> 

I agree (and I never used the word security). But this may be sufficient 
in some simple cases.  :)

And for a more complete Access Control solution, everyone is invited to 
a presentation of the new GeoPrisma project in a conference near you:

FOSS4G 2009 (Sydney, 2009-10-23):
  http://2009.foss4g.org/presentations/#presentation_146

Géomatique 2009 (Montréal, 2009-10-21):
  http://www.geomatique2009.com/en/papers/program

Daniel
-- 
Daniel Morissette
http://www.mapgears.com/
_______________________________________________
Users mailing list
Users at openlayers.org
http://openlayers.org/mailman/listinfo/users





Click here to report this email as spam.



------------------------------------------------------------------
The contents of this email are confidential to AsureQuality. If you have 
received this communication in error please notify the sender immediately 
and delete the message and any attachments. The opinions expressed in this 
email are not necessarily those of AsureQuality. This message has been 
scanned for known viruses before delivery. AsureQuality supports the 
Unsolicited Electronic Messages Act 2007. If you do not wish to receive 
similar communications in future, please notify the sender of this 
message.
------------------------------------------------------------------


This message has been scanned for malware by SurfControl plc. 
www.surfcontrol.com_______________________________________________
Users mailing list
Users at openlayers.org
http://openlayers.org/mailman/listinfo/users



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.osgeo.org/pipermail/openlayers-users/attachments/20091014/7d522aa8/attachment.html


More information about the Users mailing list