Geospatial – Actualités

OGC web service security without login

16 novembre 2009

I got this week three times the same question: « I have an OGC web service, which is secured (basic auth, for example). For my web mapping application, is is possible to access to it without login ? »
The answer is NO !!!
In order to secure a web service, you need an authentication process and an authorization process. Basically, you need to know who is connected and what are the rights of the connected user. If one of these elemnts is missing, you will not be able to secure your web service.
Of course, you can create a nice server proxy that will filter/modify or whatever the request to the secured web service (in this case, the proxy will send the login information to the secured OGC service), but this proxy will basically expose what you want to expose to the web applications. It will not secure anything, it will simply hide what you don’t want to show to the web application. MapServer can, for example, plays this role.
So, a choice has to be made: login or no login !

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *