Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
Thanks for all the valuable help!

If I place the .MAP file somewhere where only the system can read it, the request looks a bit awkward: ….map=/home/include/mapfiles/my_map.map…. Would there be a possibility to just use …map=my_map… and have the path then get added/understood by some internal configuration (mod_rewrite perhaps?)?

For the Wrapper, I don't really understand how that one would work. I have multiple .MAP files. And they need to be WMS-compliant. If I understand correctly, the URL would call the script: http://my_url.org/my_script, right? H... It says:

    #!/bin/sh
    MAPSERV=/path/to/my/mapserv
    MS_MAPFILE=/path/to/my/mapfile.map exec ${MAPSERV}

Thanks for any help!
Stefan

___
mapserver-users mailing list
mapserver-users@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
Dear Stefan,

you can create one wrapper script for each map file, or you can ask only the name (without path) of the map file and your wrapper adds the path to the name.

Regards,
Zoltan
Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
On 14-01-07 5:47 AM, Stefan Schwarzer wrote:
> Thanks for all the valuable help! If I place the .MAP file somewhere where only the system can read it, the request looks a bit awkward: ….map=/home/include/mapfiles/my_map.map…. Would there be a possibility to just use …map=my_map… and have the path then get added/understood by some internal configuration (mod_rewrite perhaps?)?

Hi Stefan,

Yes, this is also an option. You can use environment variables for your mapfile path and refer to the environment variable in the map=... parameter, e.g. in Apache's httpd.conf:

    SetEnv MYMAP1 /home/include/mapfiles/my_map1.map
    SetEnv MYMAP2 /home/include/mapfiles/my_map2.map
    ...

and then in your mapserv URL use:

    /cgi-bin/mapserv?map=MYMAP1...

--
Daniel Morissette
http://www.mapgears.com/
Provider of Professional MapServer Support since 2000
Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
To use this URL http://my_url.org/my_script I would create a file my_script in cgi-bin, for example.
See here: http://mapserver.org/fr/cgi/wrapper.html

I use a mix of the above and this: http://mapserver.org/fr/ogc/mapscript.html

Steve
Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
> Would there be a possibility to just use …map=my_map… and have the path then get added/understood by some internal configuration (mod_rewrite perhaps?)?

Using that with an environment variable as others have pointed out, or other rewrite techniques from http://mapserver.org/ogc/wms_server.html#changing-the-online-resource-url are a good way to go.

I would personally *not* recommend any techniques involving a wrapper script for anything other than development, as your webserver has to spawn two processes (bash + mapserv) instead of one (mapserv) for each request; this can add noticeable overhead in production.

--
thomas
[mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
Hi there,

I am wondering how to deal with the CONNECTION information in the .MAP which is used for WMS requests. As the .MAP file must be visible and is readable, the CONNECTION information for my database is readable too.

    # Layers definition -
    LAYER
      NAME wilderness_areas_po
      METADATA
        'wcs_label' 'Wilderness Areas'
        'wcs_rangeset_name' 'test'
        'wcs_rangeset_label' 'test label'
      END
      TYPE RASTER
      STATUS OFF
      DATA wilderness_areas_po
      CONNECTIONTYPE postgis
      CONNECTION 'user=my_username password=my_password dbname=my_database'
      PROJECTION
        'init=epsg:4326'
      END
    END

Either I would then need to create a very simple user for that case which really only can read the data, or I should hide the file in a directory which is not readable by a webuser. But I guess that Mapserver wouldn't like that. What are your recommendations?

Thanks for any hints.
Stefan
Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
Hi Stefan,

you should hide your map file using a wrapper script on the server side. See http://mapserver.org/cgi/wrapper.html

You can find some other methods at http://mapserver.org/ogc/wms_server.html
look for "Changing the Online Resource URL"

Regards,
Zoltan
Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
Your MAP file does not have to be visible to / readable by the web server, but it must be visible to Mapserver (mapserv).

Håvard

--
Håvard Tveite
Department of Mathematical Sciences and Technology, NMBU
Drøbakveien 31, POBox 5003, N-1432 Ås, NORWAY
Phone: +47 64965483 Fax: +47 64965401
http://www.nmbu.no/imt/
Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
You can also encrypt the database password using MapServer utilities. I do the following:

- store the mapfiles outside web htdocs directory
- encrypt database passwords (if in a shared hosting environment)
- use webserver environment variables to reference mapfiles... this obfuscates your file system setup and makes your setup more portable since you reference the environment variable and not the file directly

Steve
Re: [mapserver-users] How to deal with (visible) CONNECTION information in .MAP file for WMS purposes
On 2014-01-06 10:39 AM, Lime, Steve D (MNIT) wrote:
> You can also encrypt the database password using MapServer utilities. I do the following:
>
> - store the mapfiles outside web htdocs directory
> - encrypt database passwords (if in a shared hosting environment)
> - use webserver environment variables to reference mapfiles... this obfuscates your file system setup and makes your setup more portable since you reference the environment variable and not the file directly
>
> Steve

Good point Steve. Here are the docs for the msencrypt utility: http://www.mapserver.org/utilities/msencrypt.html

-jeff

--
Jeff McKenna
MapServer Consulting and Training Services
http://www.gatewaygeomatics.com/
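
An added example, not part of the original thread and not MapServer project code: a shell check for the exposures discussed above (mapfile under the web root, plaintext password in CONNECTION, file readable by every local account). The function name audit_mapfile, the directory layout and the sample files are assumptions constructed here; the encrypted-password test relies on msencrypt output being written between { } in the CONNECTION string, as the msencrypt documentation linked above describes.

```shell
#!/bin/sh
# Added example (not from the thread): audit a mapfile for the three
# exposures discussed above. Prints one finding per line; exit status is
# 0 when the file is clean and 1 otherwise.
audit_mapfile() {
    file=$1 docroot=$2 findings=0

    # 1. Stored under the web document root, so it can be fetched as text.
    case "$(cd "$(dirname "$file")" && pwd -P)/" in
        "$(cd "$docroot" && pwd -P)"/*)
            echo "$file: inside web root"; findings=$((findings + 1)) ;;
    esac

    # 2. CONNECTION password that is not msencrypt output. Encrypted values
    #    are written as password={HEX}; any other value is plaintext.
    if grep -iE "^[[:space:]]*CONNECTION[[:space:]]" "$file" |
       grep -iqE "password=[^{[:space:]'\"]"; then
        echo "$file: plaintext password in CONNECTION"
        findings=$((findings + 1))
    fi

    # 3. "Other" read bit set: every local account can read the credentials.
    if [ "$(ls -ld "$file" | cut -c8)" = r ]; then
        echo "$file: world-readable"; findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample data: the layer as posted in the thread, and a hardened
# copy. {0123456789ABCDEF} is a placeholder, not real msencrypt output.
demo=$(mktemp -d)
mkdir -p "$demo/htdocs" "$demo/private"
printf "LAYER\n  CONNECTIONTYPE postgis\n  CONNECTION 'user=my_username password=my_password dbname=my_database'\nEND\n" \
    > "$demo/htdocs/my_map.map"
printf "LAYER\n  CONNECTIONTYPE postgis\n  CONNECTION 'user=my_username password={0123456789ABCDEF} dbname=my_database'\nEND\n" \
    > "$demo/private/my_map.map"
chmod 644 "$demo/htdocs/my_map.map"
chmod 640 "$demo/private/my_map.map"

audit_mapfile "$demo/htdocs/my_map.map" "$demo/htdocs" || true   # three findings
audit_mapfile "$demo/private/my_map.map" "$demo/htdocs" && echo "private copy: clean"
rm -rf "$demo"
```

The account that mapserv runs as must still be able to read the mapfile and the msencrypt key file, so tighten ownership and group rather than removing read access altogether.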