IOW, you can't simply do away with mg users and groups. Ed Jobe
----- Original Message ---- From: Jason Birch <[EMAIL PROTECTED]> To: MapGuide Users Mail List <[email protected]> Sent: Friday, October 10, 2008 11:22:33 AM Subject: RE: [mapguide-users] SQL Import Spatial Data Ah. Yes, I think MapGuide’s authentication is fine, but the authorization model is a bit dysfunctional. Active Directory / LDAP are not directly supported, so you’d have to test group membership in your application and map this to the appropriate RO/RW users on the MapGuide server, and make sure that everything goes over SSL. This doesn’t isolate you from poorly-behaved users or CSS attacks stealing a session key and using it directly against the web tier though. I think the only way of dealing with this particular issue is fixing the MapGuide security model. Jason From:ed57gmc-bus Subject: Re: [mapguide-users] SQL Import Spatial Data AD is Active Directory. I was planning on using it for authentication. I forgot who it was that said it, but they felt that mg's security was "broken".
_______________________________________________ mapguide-users mailing list [email protected] http://lists.osgeo.org/mailman/listinfo/mapguide-users
