[Qgis-developer] QEP: QGIS Mapserver Python Plugins

[Alessandro Pasotti]

2014-08-29 15:13 GMT+02:00 Andrea Peri <aperi2007 at gmail.com>:
> Another question.
> Is about the security of the environment.
>
> I don't know too well the possibility of python in a qgis project.
> But I fear that a qgis project could have some python code to start ad
> startup of the qgis project.
> This mean that the same code should be run in the server when it start
> a qgis-server instance in fcgi ?

No.

Plugin in QGIS desktop application are not bound to projects but to
the user preferences (i.e. are installed in user directory and every
single user can enable/disable/install/remove plugins independently.

The same is for the server plugins, but because the server user
doesn't normally have a user directory, the path in which plugins are
stored is configurable by some environmen variables that points the
plugins path to a directory of your choice, this can be one of the
(trusted) user's directories or whatever else you choose.

This means that you could have different FGCI server instances (apache
virtual servers, for example) that use different sets of environment
options and point to different sets of installed plugins.

As always, it's administrator's choice how to configure the
environment and secure it (choose proper permissions etc).

Up to this point, there is nothing new or special for QGIS.

For python startup code, this is simply ignored by my implementation
but it would be possible to write a server plugin that parses the
project file and executes it (not that I see anything useful in doing
that).


>
> However the more important option is
> to be able to choose to fully disable this option.

Just done.


-- 
Alessandro Pasotti
w3:   www.itopen.it