[OpenLayers-Users] Control access to WMS
Steve.Toutant at inspq.qc.ca
Steve.Toutant at inspq.qc.ca
Wed Oct 14 15:54:04 EDT 2009
Thanks Robert,
Interesting.
If someone is using a client such as gaia or qgis, can he access the
layers only by entering "http://10.64.20.120/cgi-bin/gsswms.exe?" as the
URL
Or if we do a getMap request, what happen?
I tried, but maybe it is not a public site
Steve
Steve Toutant, M. Sc.
Analyste en géomatique
Secteur environnement
Direction des risques biologiques, environnementaux et occupationnels
Institut national de santé publique du Québec
945, avenue Wolfe
Québec, Qc G1V 5B3
Tél.: (418) 650-5115 #5281
Fax.: (418) 654-3144
steve.toutant at inspq.qc.ca
http://www.inspq.qc.ca
"Robert Sanson" <SansonR at asurequality.com>@openlayers.org
Envoyé par : users-bounces at openlayers.org
14/10/2009 03:34 PM
A
<Steve.Toutant at inspq.qc.ca>, "Daniel Morissette"
<dmorissette at mapgears.com>, <users-bounces at openlayers.org>
cc
users at openlayers.org
Objet
Re: [OpenLayers-Users] Control access to WMS
I have made copies of mapserv.exe in my cgi-bin to other names such as
gsswms.exe. I then have a line at the bottom of httpd.conf:
SetEnvIf Request_URI "/cgi-bin/gsswms.exe?"
MS_MAPFILE=/ms4w/apps/service/nztm.map
So I then use a layer definition for OL such as :
var topowms = new OpenLayers.Layer.WMS( "Topos",
"http://10.64.20.120/cgi-bin/gsswms.exe?",
{layers:
['nzislands','nznoaa','nz1mtm','nz250ktm','ci250k','nz50ktm','ci50kcitm'],
transparent: 'true',format: "image/png"},
{singleTile: true, isBaseLayer: false,
minResolution: 2000, visibility: false} );
regards,
Robert Sanson
>>> <Steve.Toutant at inspq.qc.ca> 15/10/2009 2:53 a.m. >>>
Thanks all for your help,
I'll have in a near future to implement a fully secured private site since
I'm gonna have to publish VERY sensible data via WMS. I can tell that this
issue scares the IT group. Story to follow...
But for now, obscurity is sufficient.
I'm a bit in obscurity myself regardin http_referer...I need to know more
about the mechanic...
It's not clear what I should do in the mapfile and in my OpenLayers code?
I added Daniel's code in Apache conf.
"Then your WMS requests should refer to the mapfile using "map=MYMAP"
instead of a full path. If the referrer is not valid, then MYMAP will
not be set and MapServer will spit out an error."
Do I need to use the MYMAP environment variabble in the mapfile or in OL
code, or both?
I'm using OpenLayers to create a WMS layer with new
OpenLayers.Layer.WMS(name, url, params, options);
Instead of the path of the mapfile should I use MYMAP (Environment
variable MYMAP defined in the conf of Apache). If so, Is there some magic
there to get the environment variable value? Should I get it with some php
code?
Thanks
Steve
Daniel Morissette <dmorissette at mapgears.com>@openlayers.org
Envoyé par : users-bounces at openlayers.org
13/10/2009 02:56 PM
A
users at openlayers.org
cc
Objet
Re: [OpenLayers-Users] Control access to WMS
Christopher Schmidt wrote:
>
> If you care about people 'stumbling in', this would be sufficient. If
you
> actually want to ensure people can't use the data outside of your app,
> it's not.
>
[...]
>
> Yeah, something like that is what I would probably do if I wanted
something
> taht was obscurity and not security. :)
>
I agree (and I never used the word security). But this may be sufficient
in some simple cases. :)
And for a more complete Access Control solution, everyone is invited to
a presentation of the new GeoPrisma project in a conference near you:
FOSS4G 2009 (Sydney, 2009-10-23):
http://2009.foss4g.org/presentations/#presentation_146
Géomatique 2009 (Montréal, 2009-10-21):
http://www.geomatique2009.com/en/papers/program
Daniel
--
Daniel Morissette
http://www.mapgears.com/
_______________________________________________
Users mailing list
Users at openlayers.org
http://openlayers.org/mailman/listinfo/users
Click here to report this email as spam.
------------------------------------------------------------------
The contents of this email are confidential to AsureQuality. If you have
received this communication in error please notify the sender immediately
and delete the message and any attachments. The opinions expressed in this
email are not necessarily those of AsureQuality. This message has been
scanned for known viruses before delivery. AsureQuality supports the
Unsolicited Electronic Messages Act 2007. If you do not wish to receive
similar communications in future, please notify the sender of this
message.
------------------------------------------------------------------
This message has been scanned for malware by SurfControl plc.
www.surfcontrol.com_______________________________________________
Users mailing list
Users at openlayers.org
http://openlayers.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.osgeo.org/pipermail/openlayers-users/attachments/20091014/7d522aa8/attachment.html
More information about the Users
mailing list