[Tilecache] Protecting a tilecache from outside

[Stephen Woodbridge]

Jacolin Yves wrote:
> Le Thursday 17 April 2008 17:32:10 Stephen Woodbridge, vous avez écrit :
>> Jacolin Yves wrote:
>>> Hi,
>>>
>>> As you may know I succeed to use TC in mod_python successfully yesterday.
>>> One of the last problem remains is that we would like to protect TC
>>> server from people outside our website. That means only OpenLayers in
>>> your website application can use it.
>>>
>>> In cgi mode, we used a wrapper which retrieve a key parameter and compare
>>> it with the key in the file then if ok send the request to TC. As you see
>>> it is not really a "secure" process.
>>>
>>> Here how we did with mod_python. First of all add this two line in the
>>> vhost close your configuration parameter for TC:
>>>
>>> <Directory "/var/www/../Carto/tilecache-1.9/">
>>>   AddHandler python-program .py
>>>   PythonHandler TileCache.Service
>>>   PythonOption TileCacheConfig /var/www/.../Carto/cgi/tilecache.cfg
>>>   SetEnvIf Referer www\.lpdipro\.dev\.local\.yves intra_site_referral
>>>   Deny from all
>>>   Allow from env=intra_site_referral
>>> </Directory>
>>>
>>> Only request form our application will be successful. If you try to
>>> request TC directly you will get a "no access" error page.
>>>
>>> Hope it helps. If you think I am wrong, tell me ;)
>>>
>>> Regards,
>>>
>>> Y.
>> It is trivial to set the referer. Below is a man page from wget, it is
>> also trivial to do this with a perl script that could proxy tile
>> requests to your TC.
>>
>> So, not any more secure than your key parameter, maybe a little more
>> obscure, but security through obscurity is general not that good.
>>
>> It might be more secure to have the user login and set a cookie that is
>> time limited. then only serve the tile of the cookie is good. If the
>> cookie has expired you would have to have the client login again. I
>> would make the contents of each cookie unique and do some additional
>> tests if you want to make sure the cookie is not request from multiple
>> hosts.
>>
>> -Steve
>>
>>
>> man wget
>>
>> ...
>>
>>         --referer=url
>>             Include âReferer: urlâ header in HTTP request.  Useful for
>> retrievâ
>>             ing documents with server-side processing that assume they are
>>             always being retrieved by interactive web browsers and only
>> come out properly when Referer is set to one of the pages that point to
>>             them.
> Hi,
> 
> Indeed ! I think security is just get something acceptable between the server 
> security and the development time. It could be ok for us, but I will check 
> your way. And add some question:
> * How can I use a cookie on the server side, is it possible?
> * Hown can I manage this?

When the user logs in or hits you home page you want the server to set a 
cookie that is probably based on your domain and set a unique id and the 
time the cookie was created/modified. This probably means that it needs 
to be a script like php/perl/python/etc that serves that page. You might 
want to store the remote host IP with the cookie on the server so you 
can check if it was stolen.

When you request a tile from the same domain, you will get the cookie, 
and validate that the id is one that was served at that time and that it 
is valid to continue serving tiles to it, like the remote host IP matches.

You can also purge records that are older than some number of hours.

So if someone fakes a cookie, you will not recognize it as a valid 
cookie, if someone steals a cookie and time, it will not be good after 
it has been purged and will not be good if the host IP does not match.

Anyway, that is the idea. You might need to fine tune it a little for 
your needs.

-Steve W