Mapserver implements encryption of username and password in mapfile, see: http://mapserver.gis.umn.edu/development/rfc/ms-rfc-18/
Umberto On 12/23/06, Bill Thoen <[EMAIL PROTECTED]> wrote:
I've just recently got MapServer going with data from a PostGIS connection and I'd like to know what the "best practices" are in terms of security. The problem I see is that you have to put a PostGIS username and password in your mapfile on the CONNECTION line, which is easily viewed by anyone. So what I've done is moved my mapfile out of the html directory tree and am also using a user with read-only privs to the tables I want to display and access to nothing else. But what do people who know what they're doing do to ensure that there are no security holes? TIA, - Bill Thoen
