Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
Thanks for all the valuable help!
If I place the .MAP file somewhere where only the system can read it, the
request looks a bit awkward: ….map=/home/include/mapfiles/my_map.map….
Would there a possibility to juste use …map=my_map… and have the path then get
added/understood by some internal configuration (mod_rewrite perhaps?)?
For the Wrapper, I don't really understand how that one would work. I have
multiple .MAP files. And they need to by WMS-compliant. If I understand
correctly, the URL would call the script: http://my_url.org/my_script, right?
H...
It says:
#!/bin/sh
MAPSERV=/path/to/my/mapserv
MS_MAPFILE=/path/to/my/mapfile.map exec ${MAPSERV}
Thanks for any help!
Stefan
On 06.01.2014, at 11:03, Siki Zoltan wrote:
Hi Stefan,
you should hide your map file using a wrapper script on the server side.
See http://mapserver.org/cgi/wrapper.html
You can find some other methods at http://mapserver.org/ogc/wms_server.html
look for Changing the Online Resource URL
Regards,
Zoltan
On Mon, 6 Jan 2014, Stefan Schwarzer wrote:
Hi there,
I am wondering how to deal with the CONNECTION information in the .MAP which
is used for WMS requests. As the .MAP file must be visible and is readable,
the CONNECTION information for my database is readable too.
# Layers definition -
LAYER
NAME wilderness_areas_po
METADATA
'wcs_label' 'Wilderness Areas'
'wcs_rangeset_name' 'test'
'wcs_rangeset_label' 'test label'
END
TYPE RASTER
STATUS OFF
DATA wilderness_areas_po
CONNECTIONTYPE postgis
CONNECTION 'user=my_username password=my_password
dbname=my_database'
PROJECTION
'init=epsg:4326'
END
END
Either I would then need to create a very simple user for that case which
really only can read the data, or I should hide the file in a directory
which is not readable by a webuser. But I guess that Mapserver wouldn't like
that.
What are your recommendations?
Thanks for any hints.
Stefan
___
mapserver-users mailing list
mapserver-users@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapserver-users
___
mapserver-users mailing list
mapserver-users@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
Dear Stefan,
you can create one wrapper script for each maps file
or you can ask only the name (without path) of the map file and your
wrapper adds the path to the name.
Regards,
Zoltan
On Tue, 7 Jan 2014, Stefan Schwarzer wrote:
Thanks for all the valuable help!
If I place the .MAP file somewhere where only the system can read it, the request
looks a bit awkward: ?.map=/home/include/mapfiles/my_map.map?.
Would there a possibility to juste use ?map=my_map? and have the path then get
added/understood by some internal configuration (mod_rewrite perhaps?)?
For the Wrapper, I don't really understand how that one would work. I have
multiple .MAP files. And they need to by WMS-compliant. If I understand
correctly, the URL would call the script: http://my_url.org/my_script, right?
H...
It says:
#!/bin/sh
MAPSERV=/path/to/my/mapserv
MS_MAPFILE=/path/to/my/mapfile.map exec ${MAPSERV}
Thanks for any help!
Stefan
On 06.01.2014, at 11:03, Siki Zoltan wrote:
Hi Stefan,
you should hide your map file using a wrapper script on the server side.
See http://mapserver.org/cgi/wrapper.html
You can find some other methods at http://mapserver.org/ogc/wms_server.html
look for Changing the Online Resource URL
Regards,
Zoltan
On Mon, 6 Jan 2014, Stefan Schwarzer wrote:
Hi there,
I am wondering how to deal with the CONNECTION information in the .MAP which is
used for WMS requests. As the .MAP file must be visible and is readable, the
CONNECTION information for my database is readable too.
# Layers definition -
LAYER
NAME wilderness_areas_po
METADATA
'wcs_label' 'Wilderness Areas'
'wcs_rangeset_name' 'test'
'wcs_rangeset_label' 'test label'
END
TYPE RASTER
STATUS OFF
DATA wilderness_areas_po
CONNECTIONTYPE postgis
CONNECTION 'user=my_username password=my_password
dbname=my_database'
PROJECTION
'init=epsg:4326'
END
END
Either I would then need to create a very simple user for that case which
really only can read the data, or I should hide the file in a directory which
is not readable by a webuser. But I guess that Mapserver wouldn't like that.
What are your recommendations?
Thanks for any hints.
Stefan
___
mapserver-users mailing list
mapserver-users@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapserver-users
___
mapserver-users mailing list
mapserver-users@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
On 14-01-07 5:47 AM, Stefan Schwarzer wrote: Thanks for all the valuable help! If I place the .MAP file somewhere where only the system can read it, the request looks a bit awkward: ….map=/home/include/mapfiles/my_map.map…. Would there a possibility to juste use …map=my_map… and have the path then get added/understood by some internal configuration (mod_rewrite perhaps?)? Hi Stefan, Yes, this is also an option. You can use environment variables for your mapfile path and refer to the environment variable in the map=... parameter e.g. in Apache's httpd.conf: SetEnv MYMAP1=/home/include/mapfiles/my_map1.map SetEnv MYMAP2=/home/include/mapfiles/my_map2.map ... and then in your mapserv URL use: /cgi-bin/mapserv?map=MYMAP1... -- Daniel Morissette http://www.mapgears.com/ Provider of Professional MapServer Support since 2000 ___ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
To use this url http://my_url.org/my_script
I would create a file my_script in cgi-bin per example
See here
http://mapserver.org/fr/cgi/wrapper.html
I use a mix of above and this
http://mapserver.org/fr/ogc/mapscript.html
Steve
Stefan Schwarzer stefan.schwar...@unep.org@lists.osgeo.org
Envoyé par : mapserver-users-boun...@lists.osgeo.org
2014-01-07 05:47
A
mapserver-users@lists.osgeo.org
cc
Objet
Re: [mapserver-users] How to deal with (visible) CONNECTION information in
.MAP file for WMS purposes
Thanks for all the valuable help!
If I place the .MAP file somewhere where only the system can read it, the
request looks a bit awkward: ?.map=/home/include/mapfiles/my_map.map?.
Would there a possibility to juste use ?map=my_map? and have the path
then get added/understood by some internal configuration (mod_rewrite
perhaps?)?
For the Wrapper, I don't really understand how that one would work. I have
multiple .MAP files. And they need to by WMS-compliant. If I understand
correctly, the URL would call the script: http://my_url.org/my_script,
right? H...
It says:
#!/bin/sh
MAPSERV=/path/to/my/mapserv
MS_MAPFILE=/path/to/my/mapfile.map exec ${MAPSERV}
Thanks for any help!
Stefan
On 06.01.2014, at 11:03, Siki Zoltan wrote:
Hi Stefan,
you should hide your map file using a wrapper script on the server side.
See http://mapserver.org/cgi/wrapper.html
You can find some other methods at
http://mapserver.org/ogc/wms_server.html
look for Changing the Online Resource URL
Regards,
Zoltan
On Mon, 6 Jan 2014, Stefan Schwarzer wrote:
Hi there,
I am wondering how to deal with the CONNECTION information in the .MAP
which is used for WMS requests. As the .MAP file must be visible and is
readable, the CONNECTION information for my database is readable too.
# Layers definition -
LAYER
NAME wilderness_areas_po
METADATA
'wcs_label' 'Wilderness Areas'
'wcs_rangeset_name' 'test'
'wcs_rangeset_label' 'test label'
END
TYPE RASTER
STATUS OFF
DATA wilderness_areas_po
CONNECTIONTYPE postgis
CONNECTION 'user=my_username password=my_password
dbname=my_database'
PROJECTION
'init=epsg:4326'
END
END
Either I would then need to create a very simple user for that case which
really only can read the data, or I should hide the file in a directory
which is not readable by a webuser. But I guess that Mapserver wouldn't
like that.
What are your recommendations?
Thanks for any hints.
Stefan
___
mapserver-users mailing list
mapserver-users@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapserver-users
___
mapserver-users mailing list
mapserver-users@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapserver-users
___
mapserver-users mailing list
mapserver-users@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
Would there a possibility to juste use …map=my_map… and have the path then get added/understood by some internal configuration (mod_rewrite perhaps?)? Using that with an environment variable as others have pointed out, or other rewrite techniques from http://mapserver.org/ogc/wms_server.html#changing-the-online-resource-url are a good way to go. I would personally *not* recommend any techniques involving a wrapper script for anything other than development, as your webserver has to spawn two processes (bash + mapserv) instead of one (mapserv) for each request; this can add noticeable overhead in production. -- thomas ___ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users
[mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
Hi there, I am wondering how to deal with the CONNECTION information in the .MAP which is used for WMS requests. As the .MAP file must be visible and is readable, the CONNECTION information for my database is readable too. # Layers definition - LAYER NAME wilderness_areas_po METADATA 'wcs_label' 'Wilderness Areas' 'wcs_rangeset_name' 'test' 'wcs_rangeset_label' 'test label' END TYPE RASTER STATUS OFF DATA wilderness_areas_po CONNECTIONTYPE postgis CONNECTION 'user=my_username password=my_password dbname=my_database' PROJECTION 'init=epsg:4326' END END Either I would then need to create a very simple user for that case which really only can read the data, or I should hide the file in a directory which is not readable by a webuser. But I guess that Mapserver wouldn't like that. What are your recommendations? Thanks for any hints. Stefan ___ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
Hi Stefan, you should hide your map file using a wrapper script on the server side. See http://mapserver.org/cgi/wrapper.html You can find some other methods at http://mapserver.org/ogc/wms_server.html look for Changing the Online Resource URL Regards, Zoltan On Mon, 6 Jan 2014, Stefan Schwarzer wrote: Hi there, I am wondering how to deal with the CONNECTION information in the .MAP which is used for WMS requests. As the .MAP file must be visible and is readable, the CONNECTION information for my database is readable too. # Layers definition - LAYER NAME wilderness_areas_po METADATA 'wcs_label' 'Wilderness Areas' 'wcs_rangeset_name' 'test' 'wcs_rangeset_label' 'test label' END TYPE RASTER STATUS OFF DATA wilderness_areas_po CONNECTIONTYPE postgis CONNECTION 'user=my_username password=my_password dbname=my_database' PROJECTION 'init=epsg:4326' END END Either I would then need to create a very simple user for that case which really only can read the data, or I should hide the file in a directory which is not readable by a webuser. But I guess that Mapserver wouldn't like that. What are your recommendations? Thanks for any hints. Stefan ___ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users ___ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
Your MAP file does not have to be visible to / readable by the web server, but it must be visible to Mapserver (mapserv). Håvard On 1/6/2014 10:16 AM, Stefan Schwarzer wrote: Hi there, I am wondering how to deal with the CONNECTION information in the .MAP which is used for WMS requests. As the .MAP file must be visible and is readable, the CONNECTION information for my database is readable too. # Layers definition - LAYER NAME wilderness_areas_po METADATA 'wcs_label' 'Wilderness Areas' 'wcs_rangeset_name' 'test' 'wcs_rangeset_label' 'test label' END TYPE RASTER STATUS OFF DATA wilderness_areas_po CONNECTIONTYPE postgis CONNECTION 'user=my_username password=my_password dbname=my_database' PROJECTION 'init=epsg:4326' END END Either I would then need to create a very simple user for that case which really only can read the data, or I should hide the file in a directory which is not readable by a webuser. But I guess that Mapserver wouldn't like that. What are your recommendations? Thanks for any hints. Stefan -- Håvard Tveite Department of Mathematical Sciences and Technology, NMBU Drøbakveien 31, POBox 5003, N-1432 Ås, NORWAY Phone: +47 64965483 Fax: +47 64965401 http://www.nmbu.no/imt/ ___ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
You can also encrypt the database password using MapServer utilities. I do the following: - store the mapfiles outside web htdocs directory - encrypt database passwords (if in a shared hosting environment) - use webserver environment variables to reference mapfiles... this obfuscates your file system setup and makes your setup more portable since you reference the environment variable and not the file directly Steve From: mapserver-users-boun...@lists.osgeo.org [mapserver-users-boun...@lists.osgeo.org] on behalf of Håvard Tveite [havard.tve...@nmbu.no] Sent: Monday, January 06, 2014 4:58 AM To: mapserver-users@lists.osgeo.org Subject: Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes Your MAP file does not have to be visible to / readable by the web server, but it must be visible to Mapserver (mapserv). Håvard On 1/6/2014 10:16 AM, Stefan Schwarzer wrote: Hi there, I am wondering how to deal with the CONNECTION information in the .MAP which is used for WMS requests. As the .MAP file must be visible and is readable, the CONNECTION information for my database is readable too. # Layers definition - LAYER NAME wilderness_areas_po METADATA 'wcs_label' 'Wilderness Areas' 'wcs_rangeset_name' 'test' 'wcs_rangeset_label' 'test label' END TYPE RASTER STATUS OFF DATA wilderness_areas_po CONNECTIONTYPE postgis CONNECTION 'user=my_username password=my_password dbname=my_database' PROJECTION 'init=epsg:4326' END END Either I would then need to create a very simple user for that case which really only can read the data, or I should hide the file in a directory which is not readable by a webuser. But I guess that Mapserver wouldn't like that. What are your recommendations? Thanks for any hints. Stefan -- Håvard Tveite Department of Mathematical Sciences and Technology, NMBU Drøbakveien 31, POBox 5003, N-1432 Ås, NORWAY Phone: +47 64965483 Fax: +47 64965401 http://www.nmbu.no/imt/ ___ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users ___ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
On 2014-01-06 10:39 AM, Lime, Steve D (MNIT) wrote: You can also encrypt the database password using MapServer utilities. I do the following: - store the mapfiles outside web htdocs directory - encrypt database passwords (if in a shared hosting environment) - use webserver environment variables to reference mapfiles... this obfuscates your file system setup and makes your setup more portable since you reference the environment variable and not the file directly Steve Good point Steve. Here are the docs for the msencrypt utility: http://www.mapserver.org/utilities/msencrypt.html -jeff -- Jeff McKenna MapServer Consulting and Training Services http://www.gatewaygeomatics.com/ ___ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users
