> > Thanks Robert, > Interesting. > If someone is using a client such as gaia or qgis, can he access the > layers only by entering "http://10.64.20.120/cgi-bin/gsswms.exe?" as > the URL > Or if we do a getMap request, what happen? >
if it was a public server it should, yes, which doesn't give this approach any control access solution, just a "hide map" solution. I think that mixing referer control (request must come from a specific site) AND browser control (reject all perl, python, curl, wget stuffs which can set a fake referer) can give a good control on the access, without having to handle authentication. Am I wrong ? Guillaume > I tried, but maybe it is not a public site > Steve > > Steve Toutant, M. Sc. > Analyste en géomatique > Secteur environnement > Direction des risques biologiques, environnementaux et occupationnels > Institut national de santé publique du Québec > 945, avenue Wolfe > Québec, Qc G1V 5B3 > > Tél.: (418) 650-5115 #5281 > Fax.: (418) 654-3144 > steve.tout...@inspq.qc.ca > http://www.inspq.qc.ca > > > > > > > "Robert Sanson" > <sans...@asurequality.com>@openlayers.org > Envoyé par : > users-boun...@openlayers.org > > 14/10/2009 03:34 PM > > > A > <steve.tout...@inspq.qc.ca>, "Daniel Morissette" <dmorisse...@mapgears.com>, > <users-boun...@openlayers.org> > cc > users@openlayers.org > Objet > Re: > [OpenLayers-Users] Control access to WMS > > > > > > > > > > > I have made copies of mapserv.exe in my cgi-bin to other names such as > gsswms.exe. I then have a line at the bottom of httpd.conf: > > SetEnvIf Request_URI "/cgi-bin/gsswms.exe?" > MS_MAPFILE=/ms4w/apps/service/nztm.map > > So I then use a layer definition for OL such as : > > var topowms = new OpenLayers.Layer.WMS( "Topos", > "http://10.64.20.120/cgi-bin/gsswms.exe?", > {layers: > ['nzislands','nznoaa','nz1mtm','nz250ktm','ci250k','nz50ktm','ci50kcitm'], > transparent: 'true',format: "image/png"}, > {singleTile: true, isBaseLayer: false, > minResolution: 2000, visibility: false} ); > > regards, > > Robert Sanson > > >>> <steve.tout...@inspq.qc.ca> 15/10/2009 2:53 a.m. >>> > > Thanks all for your help, > I'll have in a near future to implement a fully secured private site > since I'm gonna have to publish VERY sensible data via WMS. I can tell > that this issue scares the IT group. Story to follow... > But for now, obscurity is sufficient. > > I'm a bit in obscurity myself regardin http_referer...I need to know > more about the mechanic... > It's not clear what I should do in the mapfile and in my OpenLayers > code? > > I added Daniel's code in Apache conf. > > "Then your WMS requests should refer to the mapfile using "map=MYMAP" > instead of a full path. If the referrer is not valid, then MYMAP will > not be set and MapServer will spit out an error." > > Do I need to use the MYMAP environment variabble in the mapfile or in > OL code, or both? > > I'm using OpenLayers to create a WMS layer with new > OpenLayers.Layer.WMS(name, url, params, options); > Instead of the path of the mapfile should I use MYMAP (Environment > variable MYMAP defined in the conf of Apache). If so, Is there some > magic there to get the environment variable value? Should I get it > with some php code? > > Thanks > Steve > > > > > > Daniel Morissette > <dmorisse...@mapgears.com>@openlayers.org > Envoyé par : > users-boun...@openlayers.org > > 13/10/2009 02:56 PM > > > > A > users@openlayers.org > cc > > Objet > Re: > [OpenLayers-Users] Control access to WMS > > > > > > > > > > > > > Christopher Schmidt wrote: > > > > If you care about people 'stumbling in', this would be sufficient. > If you > > actually want to ensure people can't use the data outside of your > app, > > it's not. > > > [...] > > > > Yeah, something like that is what I would probably do if I wanted > something > > taht was obscurity and not security. :) > > > > I agree (and I never used the word security). But this may be > sufficient > in some simple cases. :) > > And for a more complete Access Control solution, everyone is invited > to > a presentation of the new GeoPrisma project in a conference near you: > > FOSS4G 2009 (Sydney, 2009-10-23): > http://2009.foss4g.org/presentations/#presentation_146 > > Géomatique 2009 (Montréal, 2009-10-21): > http://www.geomatique2009.com/en/papers/program > > Daniel > -- > Daniel Morissette > http://www.mapgears.com/ > _______________________________________________ > Users mailing list > Users@openlayers.org > http://openlayers.org/mailman/listinfo/users > > > > > > > Click hereto report this email as spam. > > > > > ------------------------------------------------------------------ > The contents of this email are confidential to AsureQuality. If you > have received this communication in error please notify the sender > immediately and delete the message and any attachments. The opinions > expressed in this email are not necessarily those of AsureQuality. > This message has been scanned for known viruses before delivery. > AsureQuality supports the Unsolicited Electronic Messages Act 2007. If > you do not wish to receive similar communications in future, please > notify the sender of this message. > ------------------------------------------------------------------ > > > > > This message has been scanned for malware by SurfControl plc. > www.surfcontrol.com_______________________________________________ > Users mailing list > Users@openlayers.org > http://openlayers.org/mailman/listinfo/users > > > > > > _______________________________________________ > Users mailing list > Users@openlayers.org > http://openlayers.org/mailman/listinfo/users _______________________________________________ Users mailing list Users@openlayers.org http://openlayers.org/mailman/listinfo/users