Changes between Version 1 and Version 2 of MapServerSecurity


Ignore:
Timestamp:
Jan 28, 2009, 12:34:40 PM (13 years ago)
Author:
jmckenna
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • MapServerSecurity

    v1 v2  
    2626Here are some documents that give more information on security:
    2727
    28     http://www.tldp.org/HOWTO/Security-HOWTO/index.html
    29     http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/index.html
     28  * http://www.tldp.org/HOWTO/Security-HOWTO/index.html
     29  * http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/index.html
    3030
    3131=== 2.1 Quantifying risk ===
     
    3535While we may tinker with the Mapserver source, there's probably only a handful of people in the world who fully understand it. While great care has been taken to ensure that there are no mistakes, it has not been subject to the same level of scrutiny compared to more widely used (and attacked) applications. Conversely, this relative obscurity probably makes Mapserver a less attractive target.
    3636
    37     http://mapserver.gis.umn.edu/wilma/mapserver-users/0110/msg00325.html
    38     http://mapserver.gis.umn.edu/wilma/mapserver-users/0110/msg00328.html
    39 
    4037==== Medium: CGI module ====
    4138Running Mapserver as a module for some CGI scripting language allows you to limit how people are able to interact with Mapserver and to use any security features available with your favorite scripting language. IMHO, this is not as secure as something like PHP where many security decisions can be imposed centrally.
     
    4441PHP is a widely deployed, well understood server side scripting environment designed for web applications. As such, it includes many features that provide a base level of security and protect the server against poorly written applications. Because there is a large community and install base, the chances are that you will be able to secure any holes that may emerge before your server is attacked.
    4542
    46     http://www.php.net/manual/en/security.php
     43  * http://www.php.net/manual/en/security.php
    4744
    4845=== 2.2 Simplicity and clarity of design ===