On 2/19/2013 10:45 AM, Mark Volz wrote:
Hi,

I have a server that I would like to run both internal and external 
applications on it.  I know I can use apache to limit who can access internal 
web pages.  However, is there any mechanism to stop an external user from 
drawing an internal actual .map file?  For example, what would stop someone 
from changing the requested map from: 
http://myserver/cgi-bin/mapserv.exe?map=External.map.  To:  
http://myserver/cgi-bin/mapserv.exe?map=Internal.map.

I could see this as an issue if I want to enable wms.

One way would be to create a wrapper around mapserver for the internal vs external connections, that prepends a path to the mapfile path like:

map=/external/$map
vs
map=/internal/$map

You would need to do some check of the path to clean something like: ../internal/...

The other thing you could do is run two instances of apache with different uids and separate the internal and external file into separate directories with filesystem perms that prevent external from accessing the internal ones.

Lots of choices, at the system level, probably not that many in mapserver.

Probably the best thing is two separate servers, the internal on not accessible from the external connection. Or maybe two virtual hosts on one box?

-Steve W

_______________________________________________
mapserver-users mailing list
[email protected]
http://lists.osgeo.org/mailman/listinfo/mapserver-users

Reply via email to