On 2/19/2013 10:45 AM, Mark Volz wrote:
Hi,
I have a server that I would like to run both internal and external
applications on it. I know I can use apache to limit who can access internal
web pages. However, is there any mechanism to stop an external user from
drawing an internal actual .map file? For example, what would stop someone
from changing the requested map from:
http://myserver/cgi-bin/mapserv.exe?map=External.map. To:
http://myserver/cgi-bin/mapserv.exe?map=Internal.map.
I could see this as an issue if I want to enable wms.
One way would be to create a wrapper around mapserver for the internal
vs external connections, that prepends a path to the mapfile path like:
map=/external/$map
vs
map=/internal/$map
You would need to do some check of the path to clean something like:
../internal/...
The other thing you could do is run two instances of apache with
different uids and separate the internal and external file into separate
directories with filesystem perms that prevent external from accessing
the internal ones.
Lots of choices, at the system level, probably not that many in mapserver.
Probably the best thing is two separate servers, the internal on not
accessible from the external connection. Or maybe two virtual hosts on
one box?
-Steve W
_______________________________________________
mapserver-users mailing list
[email protected]
http://lists.osgeo.org/mailman/listinfo/mapserver-users