hello, we plan to extent mapbenders owsproxy function to support http_digest authentication (http://www.ietf.org/rfc/rfc2617.txt) too. with this possibility and the use of https we can make a relativ secure connection between different mapbender installations or between mapbender and clients who support the http_digest authentication. we think, it will be easy to extent clients to support the http_digest. one critical performance problem will be, that mapbender must control the authorization at every getmap, getfeatureinfo, getlegendgraphics and getcap request. this maybe solved by caching the authorization info in an indexed version (lucene or textfile). for supporting the http_digest, we have to store the digest (md5 ('username:realm:password')) in the mb_user table. this hash must be updated every time the username or the password changes (cannot be done by db trigger, cause the password is stored as md5 hash in the mb_user table). for the mapbender http_digest client side the wms table has to be extented for username and digest columns. when someone upload a http_digest secured wms he has to give a username and a password which will be used to create the secured connection to this service (by the use of curl). the viewing of such a service can only be done by using the mapbender owsproxy. this is the idea and should be realized until end of september. any ideas or suggestions to this are welcome. please send them to the dev-list.
regards armin -- Im Auftrag -- Armin Retterath Kompetenz- und Geschäftsstelle Geodateninfrastruktur Rheinland-Pfalz beim Landesamt für Vermessung und Geobasisinformation Rheinland-Pfalz Ferdinand-Sauerbruch-Straße 15 56073 Koblenz Telefon 0261/492-466 Telefax 0261/492-492 [email protected] http://www.geoportal.rlp.de _______________________________________________ Mapbender_dev mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/mapbender_dev
