Thanks Robert, Interesting. If someone is using a client such as gaia or qgis, can he access the layers only by entering "http://10.64.20.120/cgi-bin/gsswms.exe?"; as the URL Or if we do a getMap request, what happen?
I tried, but maybe it is not a public site Steve Steve Toutant, M. Sc. Analyste en géomatique Secteur environnement Direction des risques biologiques, environnementaux et occupationnels Institut national de santé publique du Québec 945, avenue Wolfe Québec, Qc G1V 5B3 Tél.: (418) 650-5115 #5281 Fax.: (418) 654-3144 [email protected] http://www.inspq.qc.ca "Robert Sanson" <[email protected]>@openlayers.org Envoyé par : [email protected] 14/10/2009 03:34 PM A <[email protected]>, "Daniel Morissette" <[email protected]>, <[email protected]> cc [email protected] Objet Re: [OpenLayers-Users] Control access to WMS I have made copies of mapserv.exe in my cgi-bin to other names such as gsswms.exe. I then have a line at the bottom of httpd.conf: SetEnvIf Request_URI "/cgi-bin/gsswms.exe?" MS_MAPFILE=/ms4w/apps/service/nztm.map So I then use a layer definition for OL such as : var topowms = new OpenLayers.Layer.WMS( "Topos", "http://10.64.20.120/cgi-bin/gsswms.exe?";, {layers: ['nzislands','nznoaa','nz1mtm','nz250ktm','ci250k','nz50ktm','ci50kcitm'], transparent: 'true',format: "image/png"}, {singleTile: true, isBaseLayer: false, minResolution: 2000, visibility: false} ); regards, Robert Sanson >>> <[email protected]> 15/10/2009 2:53 a.m. >>> Thanks all for your help, I'll have in a near future to implement a fully secured private site since I'm gonna have to publish VERY sensible data via WMS. I can tell that this issue scares the IT group. Story to follow... But for now, obscurity is sufficient. I'm a bit in obscurity myself regardin http_referer...I need to know more about the mechanic... It's not clear what I should do in the mapfile and in my OpenLayers code? I added Daniel's code in Apache conf. "Then your WMS requests should refer to the mapfile using "map=MYMAP" instead of a full path. If the referrer is not valid, then MYMAP will not be set and MapServer will spit out an error." Do I need to use the MYMAP environment variabble in the mapfile or in OL code, or both? I'm using OpenLayers to create a WMS layer with new OpenLayers.Layer.WMS(name, url, params, options); Instead of the path of the mapfile should I use MYMAP (Environment variable MYMAP defined in the conf of Apache). If so, Is there some magic there to get the environment variable value? Should I get it with some php code? Thanks Steve Daniel Morissette <[email protected]>@openlayers.org Envoyé par : [email protected] 13/10/2009 02:56 PM A [email protected] cc Objet Re: [OpenLayers-Users] Control access to WMS Christopher Schmidt wrote: > > If you care about people 'stumbling in', this would be sufficient. If you > actually want to ensure people can't use the data outside of your app, > it's not. > [...] > > Yeah, something like that is what I would probably do if I wanted something > taht was obscurity and not security. :) > I agree (and I never used the word security). But this may be sufficient in some simple cases. :) And for a more complete Access Control solution, everyone is invited to a presentation of the new GeoPrisma project in a conference near you: FOSS4G 2009 (Sydney, 2009-10-23): http://2009.foss4g.org/presentations/#presentation_146 Géomatique 2009 (Montréal, 2009-10-21): http://www.geomatique2009.com/en/papers/program Daniel -- Daniel Morissette http://www.mapgears.com/ _______________________________________________ Users mailing list [email protected] http://openlayers.org/mailman/listinfo/users Click here to report this email as spam. ------------------------------------------------------------------ The contents of this email are confidential to AsureQuality. If you have received this communication in error please notify the sender immediately and delete the message and any attachments. The opinions expressed in this email are not necessarily those of AsureQuality. This message has been scanned for known viruses before delivery. AsureQuality supports the Unsolicited Electronic Messages Act 2007. If you do not wish to receive similar communications in future, please notify the sender of this message. ------------------------------------------------------------------ This message has been scanned for malware by SurfControl plc. www.surfcontrol.com_______________________________________________ Users mailing list [email protected] http://openlayers.org/mailman/listinfo/users
_______________________________________________ Users mailing list [email protected] http://openlayers.org/mailman/listinfo/users
