The new access control mechanisms will be implemented and released in MapServer 5.4.0, 5.2.2 and 4.10.4.
Technical Solution
The following mechanisms will be put in place:
- Enforce the requirement for the MAP keyword at the beginning of mapfiles and for the SYMBOLSET keyword at the beginning of SYMBOLSETs.
- Require a Magic String at the beginning of all MapServer templates
- Use of environment variables to control and restrict access to mapfiles by the mapserv CGI: MS_MAP_PATTERN, MS_MAP_NO_PATH
Each of the points above are described in more details in the following sections.
Enforce the requirement for the MAP and SYMBOLSET keywords
The MAP and SYMBOLSET keywords used to be optional at the beginning of mapfiles and symbolsets respectively.
With this change, the MAP keyword will be required on the first line of mapfiles and the SYMBOLSET keyword required on the first line of symbolset files.
If the keyword is missing then the parser will reject the file.
Require a Magic String at the beginning of all MapServer templates
With this change, the first line of a template must contain the “MapServer Template” magic string which can be surrounded by comment delimiters in the format of the template to facilitate template editing (see examples below). The first line of the template file will automatically be stripped from the template and will not be included in the MapServer output.
If the magic string is not found then the template will be rejected by MapServer.
No comments:
Post a Comment