No, Tom. This is bad practice. An anti-pattern. Best practice is to use
your web server's authentication and authorization systems. They are
developed by people who have multi-million dollar businesses on the
line, are well tested, and performant.
Sean
Kralidis,Tom [Burlington] wrote:
=20
In addition, one can use mapscript WxS to intercept a request and, say, =
authenticate and process accordingly.
=20
Check out http://www.geoxacml.org as an OGC-ish way extending the OASIS =
XACML spec.
=20
..Tom
=20
=20
________________________________
From: UMN MapServer Users List on behalf of Gregor Mosheh
Sent: Fri 31-Aug-07 14:58
To: [email protected]
Subject: Re: [UMN_MAPSERVER-USERS] adding support for user =
authentication within Mapserver for GetCapablities and GetMap
John Mitchell wrote:
How would I add support for user authentication within Mapserver for
GetCapablities and GetMap?
Sean's answer is basially right: You don't. Security is the webserver's
job, and not Mapserver's. In fact, none of the OGC WxS standards
supports security; they assume that the webserver has already done such
things before calling the application.
You would have to password protect the mapserv binary or the cgi-bin
directory which houses it, not just the one app nor just those functions
or layers.
I have often wondered why the OGC standards left out such a basic
concept as access control. Mysteries of the universe.
--
Gregor Mosheh / Greg Allensworth
System Administrator, HostGIS cartographic development & hosting =
services
http://www.HostGIS.com/
"Remember that no one cares if you can back up,
only if you can restore." - AMANDA
