Re: [mapserver-users] Error messages contain private info
On Fri, Jan 16, 2009 at 09:02:21AM -0500, Frank Warmerdam wrote: > Jochen Topf wrote: >> When using Mapserver with a database and there is an error connecting to >> the database the error message sent to the client contains the database >> connect string including the password! Thats never a good idea. Can this >> be changed somehow? > > Jochen, > > I would suggest you review: > > http://mapserver.org/development/rfc/ms-rfc-18.html That seems like a rather complex solution and it falls short in several aspects: * Security should be the default, not some add-on * It only protects passwords not the rest of the information. Generally services should not leak any internal information to the outside world. Passwords are only the worst case here. But anything like host names, file names, database names, URLs auf cascaded WMSes etc. should not ever get outside! If there is an error this information should go into a log file. You can output a time stamp or some kind of id in the error message so that you can find the corresponding log messages. For servers only used internally where you don't mind the information leak or for debugging of a new setup there could be an option to output error messages to the client. But thats would only be an option which is off by default. See http://www.owasp.org/index.php/Top_10_2007-A6 for more on this. Jochen -- Jochen Topf joc...@remote.org http://www.remote.org/jochen/ +49-721-388298 ___ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users
[mapserver-users] Error messages contain private info
When using Mapserver with a database and there is an error connecting to the database the error message sent to the client contains the database connect string including the password! Thats never a good idea. Can this be changed somehow? Jochen -- Jochen Topf joc...@remote.org http://www.remote.org/jochen/ +49-721-388298 ___ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] Hiding map= from URL with FastCGI
On Fri, Dec 12, 2008 at 03:12:16PM -0500, Russell McOrmond wrote: > I tried to do something similar with mod_fastcgi, but it tells me > > "loadMap(): Web application error. CGI variable "map" is not set." > > If I specify the map= on the URL, then things work. I assume you are using Apache. Add something like SetEnvIf Request_URI "/mapserv" MS_MAPFILE=/path/to/mapfile.map to the Apache config. Other web servers can probably do similar things. Jochen -- Jochen Topf joc...@remote.org http://www.remote.org/jochen/ +49-721-388298 ___ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] LINE layer on small scales
On Mon, Dec 01, 2008 at 12:19:46PM +0100, Stephan Holl wrote: > Jochen Topf <[EMAIL PROTECTED]>, [20081201 - 11:15:21] > > > Hi! > > > > I have bunch of linestrings I want to show in one layer. Each > > linestring should show up as a line on large scales and as a symbol > > on small scales, because on the small scales the lines are too short > > to see. > > > > I know how to do this with two layers: One LINE layer and one POINT > > layer with the same underlying data. > > > > But I'd rather do this in one layer and use different CLASSes for the > > different scales. But when I do this the symbols keep disappearing on > > smaller scales, I guess because the linestrings get so short that > > Mapserver decides to not draw them at all. > > > > Can this be done? Any ideas? > > Any reason why not GROUP two layers together and set the scale > appropriate? GROUPed layers are a bit different from normal layers. For instance it seems I can't set keywords for grouped layers (No OWS_GROUP_KEYWORDLIST), which is something I need for my application. I could probably change my app to also work with nested layers but that looks like a lot of work. :-) Jochen -- Jochen Topf [EMAIL PROTECTED] http://www.remote.org/jochen/ +49-721-388298 ___ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users
[mapserver-users] LINE layer on small scales
Hi! I have bunch of linestrings I want to show in one layer. Each linestring should show up as a line on large scales and as a symbol on small scales, because on the small scales the lines are too short to see. I know how to do this with two layers: One LINE layer and one POINT layer with the same underlying data. But I'd rather do this in one layer and use different CLASSes for the different scales. But when I do this the symbols keep disappearing on smaller scales, I guess because the linestrings get so short that Mapserver decides to not draw them at all. Can this be done? Any ideas? Jochen -- Jochen Topf [EMAIL PROTECTED] http://www.remote.org/jochen/ +49-721-388298 ___ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] How to pimp WMS meta information?
On Fri, Sep 26, 2008 at 09:05:06AM +0200, Barend Kobben wrote: > FYI, the valid way to extend the GetCapabilities is to use the > element. (See the WMS spec on the OGC pages > www.opengeospatial.org) And I'd rather use that, but as far as I know you can't set this from a Mapserver map file? Jochen -- Jochen Topf [EMAIL PROTECTED] http://www.remote.org/jochen/ +49-721-388298 ___ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] How to pimp WMS meta information?
On Tue, Sep 16, 2008 at 07:16:03AM +0200, Markus Spring wrote: > trying to set up a multi-map service based WMS mapservices and > OpenLayers, I would like to retrieve user-defined meta information from a > map via the GetCapabilities request. > > For example, if I define > >METADATA > WMS_TITLE "Palliativstationen" > WMS_ONLINERESOURCE "http://gis.local/wms/palliativ"; > WMS_SRS "epsg:31468" > > WMS_SHOW_QUERY_IN "large_popup" > > END > > I would like to retrieve the value "large_popup" of WMS_SHOW_QUERY_IN > through the GetCapabilities call. The background idea is that this > information could be used by my application but should not harm other > people's use of the WMS service. > > Is there any viable way to accomplish this with a mapserver based WMS service? I have used the WMS keywords on a WMS layer to add special infos only needed for my application. Not the cleanest approach, because other applications will, of course, also see those special keywords you put in, but as a workaround it is ok. Would be nice if there was an "official" way to do this, though. Jochen -- Jochen Topf [EMAIL PROTECTED] http://www.remote.org/jochen/ +49-721-388298 ___ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users
Re: [mapserver-users] ShpTree
On Mon, Aug 11, 2008 at 02:35:41PM -0600, Gregor Mosheh wrote: > Note that for Mapserver (rather, OGR) to USE the qix file, you must not > specify the .shp extension in your DATA statement. If you do, the qix > will simply be skipped. e.g. >DATA "data/streets/streets.shp" > should be: >DATA "data/streets/streets" > (someone correct me if this has changed) I just verified this on Mapserver 5.0.0 (the on in current Ubuntu). It tries to open "data/streets/streets.shp.qix" instead of "data/streets/streets.gix". But it looks like it has already been fixed in newer versions: http://trac.osgeo.org/mapserver/changeset/7566 Jochen -- Jochen Topf [EMAIL PROTECTED] http://www.remote.org/jochen/ +49-721-388298 ___ mapserver-users mailing list mapserver-users@lists.osgeo.org http://lists.osgeo.org/mailman/listinfo/mapserver-users
