Hi
The "problem" is when accessing projects via the client.php?project= syntax,
the security context stay the default project because GET parameters are
handled too late for security.
one easy solution is to make "shortcut" php files (3.2.5
http://www.cartoweb.org/doc_head/docbook/xhtml/user.project.html#user.project.use.client)
for each projects and simply access them with projectname.php instead of
client.php?project=projectname
that way the project name is defined via $_ENV and the info is provided soon
enough so the context is correct for the security.
regards
Oliver
Hello,
I have a couple of projects in my CW 3.4 installation. Each project is
used by different people. There is one start page outside CW where the
users can choose the project. Then the CW client.php is called with the
appropriate project=... GET parameter. So far everything works fine. If I
activate now the auth plugin and require all users to authenticate
(securityAllowedRoles = loggedIn in client.ini) authentication is never
successful. I found out that CW uses not the auth.ini file from the
selected project, but from the test_main project, which seems to be some
kind of default in my environment. This suspicion was confirmed when I
copied one auth.ini file into the test_main project. Doing so the
authentication is successful, but I end up seeing the test_main page.
Therefore, I am guessing that the auth plugin throws all get parameters
away.
Is my config buggy? If no, does anybody know a workaround?
Regards Matthias
_______________________________________________
Cartoweb-users mailing list
[email protected]
http://lists.maptools.org/mailman/listinfo/cartoweb-users
_______________________________________________
Cartoweb-users mailing list
[email protected]
http://lists.maptools.org/mailman/listinfo/cartoweb-users
