[Chameleon-dev] [Bug 177] [wmsparse] security issue with wmsparse and IIS

bugzilla-daemon at www.maptools.org bugzilla-daemon at www.maptools.org
Thu Oct 28 23:22:00 EDT 2004


------- Additional Comments From dmorissette at dmsolutions.ca  2004-10-28 23:21 -------
It's not technically difficult to modify wmsparse to run as a CGI (or even
support dual mode), I could do that easily, just let me know. 

The question is more whether it's a good idea to move this to a CGI since it's
not really a standalone service but a component of a larger system. For insance,
impromer calls could result in corruption of your WMS servers cache... I guess
we could try to restrict this CGI to calls from localhost, but that still
doesn't sound right.

It's really odd that with Windows you are forced to implement this kind of
workarounds to run a local program: where else in the world do you solve a
security issue by exposing your program through your web server? No wonder it's
not the safest platform around.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the Chameleon-dev mailing list