Changes between Version 1 and Version 2 of MapServerSecurity
- Timestamp:
- Jan 28, 2009, 12:34:40 PM (15 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
MapServerSecurity
v1 v2 26 26 Here are some documents that give more information on security: 27 27 28 29 28 * http://www.tldp.org/HOWTO/Security-HOWTO/index.html 29 * http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/index.html 30 30 31 31 === 2.1 Quantifying risk === … … 35 35 While we may tinker with the Mapserver source, there's probably only a handful of people in the world who fully understand it. While great care has been taken to ensure that there are no mistakes, it has not been subject to the same level of scrutiny compared to more widely used (and attacked) applications. Conversely, this relative obscurity probably makes Mapserver a less attractive target. 36 36 37 http://mapserver.gis.umn.edu/wilma/mapserver-users/0110/msg00325.html38 http://mapserver.gis.umn.edu/wilma/mapserver-users/0110/msg00328.html39 40 37 ==== Medium: CGI module ==== 41 38 Running Mapserver as a module for some CGI scripting language allows you to limit how people are able to interact with Mapserver and to use any security features available with your favorite scripting language. IMHO, this is not as secure as something like PHP where many security decisions can be imposed centrally. … … 44 41 PHP is a widely deployed, well understood server side scripting environment designed for web applications. As such, it includes many features that provide a base level of security and protect the server against poorly written applications. Because there is a large community and install base, the chances are that you will be able to secure any holes that may emerge before your server is attacked. 45 42 46 43 * http://www.php.net/manual/en/security.php 47 44 48 45 === 2.2 Simplicity and clarity of design ===