Allow administrator to disallow certain request parameters
----------------------------------------------------------
Key: GEOS-1317
URL: http://jira.codehaus.org/browse/GEOS-1317
Project: GeoServer
Issue Type: Bug
Components: Configuration
Affects Versions: 1.6.0-beta2
Reporter: Andrea Aime
Assignee: Andrea Aime
Fix For: 1.6.x
GeoServer allows for an ever growing set of output formats and customization options that can be specified directly in the requests.
This has the side effect of allowing everybody accessing the server to load it with unwanted requests: think for example, by specyfing a very expensive SLD, or asking for antialiasing when the standard requests do not, and so on.
This could be handled by the security subsystem, by filtering requests before they get into GeoServer at all... for example it would be possible to lock down GetMap by using regular expression based filters (if request uses sld=xxx then the user must have certain privileges, eventually be the administrator)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira