[Cartoweb-users] Problem choosing project and authentication
Oliver Christen
oliver.christen at camptocamp.com
Mon Jul 14 03:17:07 EDT 2008
Hi
The "problem" is when accessing projects via the client.php?project= syntax,
the security context stay the default project because GET parameters are
handled too late for security.
one easy solution is to make "shortcut" php files (3.2.5
http://www.cartoweb.org/doc_head/docbook/xhtml/user.project.html#user.project.use.client)
for each projects and simply access them with projectname.php instead of
client.php?project=projectname
that way the project name is defined via $_ENV and the info is provided soon
enough so the context is correct for the security.
regards
Oliver
> Hello,
>
> I have a couple of projects in my CW 3.4 installation. Each project is
> used by different people. There is one start page outside CW where the
> users can choose the project. Then the CW client.php is called with the
> appropriate project=... GET parameter. So far everything works fine. If I
> activate now the auth plugin and require all users to authenticate
> (securityAllowedRoles = loggedIn in client.ini) authentication is never
> successful. I found out that CW uses not the auth.ini file from the
> selected project, but from the test_main project, which seems to be some
> kind of default in my environment. This suspicion was confirmed when I
> copied one auth.ini file into the test_main project. Doing so the
> authentication is successful, but I end up seeing the test_main page.
> Therefore, I am guessing that the auth plugin throws all get parameters
> away.
> Is my config buggy? If no, does anybody know a workaround?
>
> Regards Matthias
> _______________________________________________
> Cartoweb-users mailing list
> Cartoweb-users at lists.maptools.org
> http://lists.maptools.org/mailman/listinfo/cartoweb-users
>
More information about the Cartoweb-users
mailing list