[Chameleon] Security Question
Eric Bridger
eric at gomoos.org
Tue Feb 22 11:47:24 EST 2005
Sorry Corey. We are not using the cwcjsapi widget.
On Tue, 2005-02-22 at 11:36, c p wrote:
> Eric,
>
> I'm not sure which widget is doing this.. from the method name I'm
> guessing it's the JSAPI widget(s)? that causes it. I'm just learning
> Chameleon so I've just been modifying the basic JSAPI sample app
> distributed with Chameleon v2.0. The generated javascript method
> which contains the map file definition is:
>
> /**
> * CWCJSAPIWInit
> * called to initialize the JS API widget
> */
> function CWCJSAPIWInit()
> {
> ....
>
>
> Corey
>
>
> On Sat, 19 Feb 2005 07:57:45 -0500, Eric Bridger <eric at gomoos.org> wrote:
> > Corey,
> >
> > We have depolyed a number of Chameleon applications and I cannot find any display of the connection string in the html source in them.
> > Do you have any idea which widget is doing this?
> >
> > Eric
> >
> > At 11:05 AM 02/19/2005 +0100, Bart van den Eijnden wrote:
> > >Hi,
> > >
> > >one way of working around this would be setting up a Mapserver WMS around
> > >your PostGIS data source, and using a WMS client layer in your Chameleon
> > >MAP file.
> > >
> > >But I am sure there will be easier ways/fixes .....
> > >
> > >Best regards,
> > >Bart
> > >
> > >On Fri, 18 Feb 2005 14:26:02 -0700, c p <cplists at gmail.com> wrote:
> > >
> > >>Hi again...
> > >>
> > >>I noticed if I view the source of the generated html & javascript in
> > >>my web browser that the layer definitions from my mapfile are embedded
> > >>in the javascript including the connection string (including username
> > >>and password(!!)) for postgis data sources.
> > >>
> > >>Is this a known issue? How does one work around this?
> > >>
> > >>Thanks,
> > >>Corey
> >
> >
>
More information about the Chameleon
mailing list