[Chameleon] how to make a secure application on win32

Sears, Jeremy Jeremy.Sears at CCRS.NRCan.gc.ca
Fri Mar 10 15:22:58 EST 2006


Hi all,

Im wondering if anyone can point me to documents etc that describe how to
make a chameleon/mapserver application secure for use over the web. We have
developed an application on ms4w and wish to make it available via http. 
Has anyone experience with this that could offer tips? On maptools.org's
ms4w download page they indicate that ms4w shouldnt be used for production
purposes. Does anyone know if ms4w can be made secure?

I dont know much (anything really) about breaking into remote servers. Is it
naive to assume that the following setup would be secure. By secure I mean
an intruder would not be able to access mapserver's .map files to obtain
database passwords etc, nor able to access httpd.conf files or do anything
else besides look at the mapserver/chameleon output via valid http requests.


A setup:

A windows server on a LAN, running the ms4w/chameleon package. The ms4w/cham
package installed in either a directory or a seperate partition of a hard
disk. This partition/directory is open to WAN via a proxy server that can
only access the the partition/ directory on wich ms4w is installed. Only
http requests can be made through the proxy to the ms4w/chameleon
installation.

As I mentioned, Im new to security issues. Any suggestions would be great.
Perhaps there is a more appropriate place to ask such a question?

Thanks
Jeremy


More information about the Chameleon mailing list