aleda_freeman ha scritto: > Andrea, thought I'd chime in from MassGIS on what we're looking for in > security.
Nice, thank you for tyour feedback :) > We are currently serving 602 layers. 99% of them are public, meaning full > access. > We would not want any need for authentication to see or use these layers. Ok, this is covered. > We want users to be able to use these layers in as many clients as possible > (ArcMap, uDig, OpenLayers, Google maps, etc). Besides ArcMap that we cannot test because we don't own any license, the others should be working. > There are a few layers for which we hide certain fields, this already can be > done. How did you do that, creating views in the database? > There are a few layers for which we limit WFS features, this already can be > done. (make the user work with one feature at a time). And this one, how did you do it? Is it just setting a maxFeatures limit or is that a filter? > There are a few layers which I haven't loaded into GeoServer yet because I > would like only certain users to access them. I don't think we care if > people know that they exist (see them in a GetCapabilities) (although if > they didn't, that would be a plus), but the key is that only authorized > users can do WMS/WFS with these layers. Maybe we fall in the MIXED category > then. Since you don't care strongly if people see they are there, CHALLENGE or MIXED should both work for you. > There are few layers that are editable and we'd like to set up authorization > so that only certain users can edit these layers. Per layer security will suit that need as well. The only significant limitation as of now is that we're not switching to HTTPS when authentication is needed, so the username/password travel over then net in hashed format and can be sniffed and decrypted easily. However, I'm not sure how many web containers do support HTTPS out of the box (without config) and how many existing users with proxies I'm going to bust if I enable that, so I'll need some time to think about to best handle this. Cheers Andrea ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Geoserver-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-devel
