[Geoserver-devel] [jira] Created: (GEOS-1317) Allow administrator to disallow certain request parameters

Allow administrator to disallow certain request parameters
----------------------------------------------------------

                 Key: GEOS-1317
                 URL: http://jira.codehaus.org/browse/GEOS-1317
             Project: GeoServer
          Issue Type: Bug
          Components: Configuration
    Affects Versions: 1.6.0-beta2
            Reporter: Andrea Aime
            Assignee: Andrea Aime
             Fix For: 1.6.x

GeoServer allows for an ever growing set of output formats and customization options that can be specified directly in the requests.
This has the side effect of allowing everybody accessing the server to load it with unwanted requests: think for example, by specyfing a very expensive SLD, or asking for antialiasing when the standard requests do not, and so on.

This could be handled by the security subsystem, by filtering requests before they get into GeoServer at all... for example it would be possible to lock down GetMap by using regular expression based filters (if request uses sld=xxx then the user must have certain privileges, eventually be the administrator)

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira