Hi Robert,
I can answer question 1 and 3, I think. Question 2 Ill
leave for someone more knowledgeable.
If you create a postgis connection from a thick client
directly to the PostGIS database, then your authentication is that of the
user you use to connect to the database. You are bypassing GeoServer when
you do this. If instead, you use your thick client to connect to a WFS
store on GeoServer, then you will be using GeoServers security.
Best,
Steve
http://www.clemetparks.com/images/esig/cmp-ms-90x122.pngStephen Mather
Geographic Information Systems (GIS) Manager
(216) 635-3243
[email protected]
<http://www.clemetparks.com/> clevelandmetroparks.com
From: Robert Buckley [mailto:[email protected]]
Sent: Monday, September 19, 2011 6:20 AM
To: [email protected]
Subject: [Geoserver-users] Data security in Geoserver
Hi,
I am trying to figure out the security systems within Geoserver.
I have data in Postgis which is served through geoserver in Tomcat6 on Linux
Ubuntu and am trying to get a few things straight. I would be grateful if
anyone could give me any assistance in trying to understand exactly how the
security works and what is being secured. I would like to set up a safe
editing environment using PostGIS, Geoserver and a thick client ( eg.
Quantum, or possibly ArcGIS)
1.Is it true that If I create a connection to a postgis database with a
thick client(eg.Quantum GIS), any security settings in geoserver are
irrelevant...e.g" wfs service level : basic" This would only affect editing
through a thin-client (e.g GeoExt in a browser). This is exactly what I have
experienced anyway.
2. Is it true that the security settings that are set in are only for the
defined Geoserver users, which are then defined by their roles and this
controls what can be done whilst inside the geoserver GUI. For example. If a
user is only supposed to see one Layer and its characteristics in geoserver,
then this would be set to read only for this user. (in this example the
getCapabilties document would show all layers anyway wouldn´t it?)
3. service level security: "wfs.Transaction=ROLE_WFS_WRITE" is an example
given in the geoserver docs. Would this restrict an editing session done
through postgis with a quantum gis client?
I hope these questions are clear enough.
Thanks,
rob
<<image001.png>>
------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA Learn about the latest advances in developing for the BlackBerry® mobile platform with sessions, labs & more. See new tools and technologies. Register for BlackBerry® DevCon today! http://p.sf.net/sfu/rim-devcon-copy1
_______________________________________________ Geoserver-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/geoserver-users
