Hello all,

I'm in the process of setting up p.mapper for a client who wishes to map
potentially sensitive data to authenticated users.  

Users will need to be authenticated against an SQL db residing at
another location so I was looking to steer away from .htaccess based
ideas.  If anyone has any pre-existing suggestions, I'd be happy to hear
them.  

Below are some ideas for developing an authentication solution (if
anyone is interested in discussing this further, please read on...)

At present, I've added a login.php and logout.php which authenticate and
set PHP session variables.  It shouldn't be hard to adjust all PHP pages
so that they only function if the user is logged in, else re-directing
them to a login page.

My problem at the moment is how to stop people from accessing the
rendered images in the /tmp folder.  If someone (unauthenticated)
managed to guess a filename under the /tmp folder, they'd be able to see
previously rendered maps.  The only solution I've thought of so far to
this is to stop Apache from serving files directly from this folder and
instead write some PHP which reads the correct image and then squeezes
it out through GD functions or similar (after checking that the user is
authed obviously).

I suspect I'll end up developing further the idea above unless there is
something out there that does this already and it would be great to hear
any thoughts for improvement / criticism from any developers (p.mapper
or otherwise) on the mailing list.  

Kind regards,

Pete
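
The approach described in the message above, as an added example that is not part of the original post or of p.mapper: a PHP script that checks the login session and then streams a rendered image from a directory Apache does not serve. The session key `authenticated`, the `img` query parameter and the `MAP_TMP_DIR` path are assumptions, and it uses `readfile()` rather than GD so the image is not re-encoded.

```php
<?php
// Added example, not p.mapper code. Assumed names: $_SESSION['authenticated'],
// the 'img' query parameter and MAP_TMP_DIR are hypothetical.
declare(strict_types=1);

// Rendered maps live outside the web root (or in a directory Apache denies).
const MAP_TMP_DIR = '/var/lib/pmapper/tmp';   // assumed path
const ALLOWED_TYPES = ['png' => 'image/png', 'jpg' => 'image/jpeg', 'gif' => 'image/gif'];

/** Return the absolute path of a servable image, or null if the request is not acceptable. */
function resolve_image(string $requested, string $baseDir): ?string
{
    // Accept a bare file name only: no directories, no leading dot.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.([A-Za-z0-9]+)\z/', $requested, $m)) {
        return null;
    }
    if (!isset(ALLOWED_TYPES[strtolower($m[1])])) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $requested);
    // realpath() resolves symlinks; the result must still sit inside the base dir.
    if ($base === false || $path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

session_start();
if (empty($_SESSION['authenticated'])) {   // set by login.php in this sketch
    http_response_code(403);
    exit;
}

$img  = $_GET['img'] ?? '';
$path = is_string($img) ? resolve_image($img, MAP_TMP_DIR) : null;
if ($path === null) {
    http_response_code(404);
    exit;
}

$ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
header('Content-Type: ' . ALLOWED_TYPES[$ext]);
header('Content-Length: ' . (string)filesize($path));
header('Cache-Control: private, no-store');   // keep maps out of shared caches
header('X-Content-Type-Options: nosniff');
readfile($path);
```

This only checks that the requester is logged in; any authenticated user who knows a file name can still fetch it, so tying file names to the session that rendered them would be a further step.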