Ah. Yes, I think MapGuide's authentication is fine, but the authorization model is a bit dysfunctional.
Active Directory / LDAP are not directly supported, so you'd have to test group membership in your application and map this to the appropriate RO/RW users on the MapGuide server, and make sure that everything goes over SSL. This doesn't isolate you from poorly-behaved users or CSS attacks stealing a session key and using it directly against the web tier though. I think the only way of dealing with this particular issue is fixing the MapGuide security model. Jason From: ed57gmc-bus Subject: Re: [mapguide-users] SQL Import Spatial Data AD is Active Directory. I was planning on using it for authentication. I forgot who it was that said it, but they felt that mg's security was "broken".
_______________________________________________ mapguide-users mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/mapguide-users
