Changes between Version 1 and Version 2 of MapServerSecurity

Timestamp:

Jan 28, 2009, 12:34:40 PM (15 years ago)

Author:

jmckenna

Comment:

--

MapServerSecurity

@@ -26 +26 @@
 Here are some documents that give more information on security:
 
-    http://www.tldp.org/HOWTO/Security-HOWTO/index.html
-    http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/index.html
+  * http://www.tldp.org/HOWTO/Security-HOWTO/index.html
+  * http://www.tldp.org/HOWTO/Security-Quickstart-HOWTO/index.html
 
 === 2.1 Quantifying risk ===
@@ -35 +35 @@
 While we may tinker with the Mapserver source, there's probably only a handful of people in the world who fully understand it. While great care has been taken to ensure that there are no mistakes, it has not been subject to the same level of scrutiny compared to more widely used (and attacked) applications. Conversely, this relative obscurity probably makes Mapserver a less attractive target.
 
-    http://mapserver.gis.umn.edu/wilma/mapserver-users/0110/msg00325.html
-    http://mapserver.gis.umn.edu/wilma/mapserver-users/0110/msg00328.html 
-
 ==== Medium: CGI module ====
 Running Mapserver as a module for some CGI scripting language allows you to limit how people are able to interact with Mapserver and to use any security features available with your favorite scripting language. IMHO, this is not as secure as something like PHP where many security decisions can be imposed centrally.
@@ -44 +41 @@
 PHP is a widely deployed, well understood server side scripting environment designed for web applications. As such, it includes many features that provide a base level of security and protect the server against poorly written applications. Because there is a large community and install base, the chances are that you will be able to secure any holes that may emerge before your server is attacked.
 
-    http://www.php.net/manual/en/security.php
+  * http://www.php.net/manual/en/security.php
 
 === 2.2 Simplicity and clarity of design ===