Hi, regarding the security problems of the sld mechanisms we faced during the dev-sprint, i updated the sld parts in 2.5 branch with prep statements and validateSessions checks for all modules. One problem remains: when providing a remote or local wms with a dynamic sld-url, this url is called from the wms without login credentials thus this call would fail. I have therefore extracted the relevant function to a new module, that does not validate the session (sld/sld_function_getusersld.php). Christoph, Uli what do you think about that? My idea of maybe using the owsproxy area is actually of no use, since the whole owsproxy stuff relies on a session, so this would get us not far, i think.
Cheers, Michael -- ----------------------------------------------------------- Michael Schulz [EMAIL PROTECTED] in medias res Gesellschaft für Informationstechnologie mbH In den Weihermatten 66 79108 Freiburg Tel +49 (0)761 556959-5 Fax +49 (0)761 556959-6 http://www.webgis.de / http://www.zopecms.de ----------------------------------------------------------- _______________________________________________ Mapbender_dev mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/mapbender_dev
