Friday, 6 July 2018

authentication - Securing WMS against unauthorized access?


In a project the customer wants the images of the WMS to be secured against unauthorized access.


What are the common solutions to realize that?


Are they compatible with the OGC-standards?



Answer




The OGC spec only mandates the use of http. If it is compliant http it should be okay.


Some possible methods:



  • HTTP Basic Authentication (password sent as plain text, may have limited client support)

  • HTTP Digest Authentication (more secure, may have limited client support)

  • Filter IP address of client (easy to implement but not particularly secure).

  • Secret URL. Use a GUID to generate an un-guessable URL. Assumes that clients will keep URL secret. Much simpler for user to use than password entry. Guaranteed client support.


-

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

arcpy - Changing output name when exporting data driven pages to JPG?

Is there a way to save the output JPG, changing the output file name to the page name, instead of page number? I mean changing the script fo...