REST securely with GeoServer 2.0.1 and 1.7.x!

2010 January 27

This is an update from the GeoServer Blog (http://blog.geoserver.org/).

Securing RESTful Services with GeoServer 2.0.1

A feature that has become quite popular in GeoServer over the last year is the RESTful configuration plug-in (“restconfig”), which allows one to configure a GeoServer instance programmatically via simple HTTP operations.

Recently the issue of security has come up with regard to the restconfig plug-in. Essentially it boils down to the fact that GeoServer allows anonymous access to any resource or service when the HTTP request method is GET. In the case of restconfig this can make sensitive information available anonymously, such as database connection parameters, which can contain passwords and the like.

To remedy this situation in 2.0.1 the GeoServer security subsystem has been extended to allow for configuring access to RESTful services. This is documented in the user guide.

The major caveat for users upgrading to 2.0.1 is that any systems that depended on the previous behavior of allowing GET access to resources without authentication will undoubtedly break. In this case users have two options:

  1. Start supplying administrator credentials with all requests
  2. Reconfigure GeoServer to allow for anonymous access for GET operations
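As an added example (not code from the GeoServer project or the original post), the script below audits a REST security rules file and reports every rule that would reopen anonymous GET access, which is what option 2 does. It assumes the rule syntax the GeoServer user guide documents for `rest.properties`, `<URL pattern>;<HTTP methods>=<roles>`; both sample rule sets are constructed.

```python
# Added example: audit GeoServer REST security rules for anonymous GET access.
# Assumed rule syntax (from the GeoServer user guide, not from this post):
#   <ant-style URL pattern>;<comma-separated HTTP methods>=<comma-separated roles>
from typing import List, NamedTuple

ANONYMOUS = "IS_AUTHENTICATED_ANONYMOUSLY"


class Rule(NamedTuple):
    line_no: int
    pattern: str
    methods: frozenset
    roles: frozenset


def _csv(value: str) -> frozenset:
    """Split a comma-separated field, dropping empty entries."""
    return frozenset(v.strip() for v in value.split(",") if v.strip())


def parse_rules(text: str) -> List[Rule]:
    """Parse rule lines, skipping blanks and '#' comments; reject malformed lines."""
    rules = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        left, eq, roles = line.partition("=")
        pattern, semi, methods = left.partition(";")
        if not (eq and semi and pattern.strip() and _csv(methods) and _csv(roles)):
            raise ValueError(f"line {line_no}: malformed rule {raw!r}")
        rules.append(Rule(line_no, pattern.strip(),
                          frozenset(m.upper() for m in _csv(methods)), _csv(roles)))
    return rules


def anonymous_get_rules(rules: List[Rule]) -> List[Rule]:
    """Return the rules that let unauthenticated clients issue GET requests."""
    return [r for r in rules if "GET" in r.methods and ANONYMOUS in r.roles]


# Constructed sample: option 2 from the post (anonymous GET re-enabled).
LAX = "# lax rules\n/**;GET=IS_AUTHENTICATED_ANONYMOUSLY\n/**;POST,DELETE,PUT=ROLE_ADMINISTRATOR\n"
# Constructed sample: every method requires the administrator role (option 1).
LOCKED = "/**;GET=ROLE_ADMINISTRATOR\n/**;POST,DELETE,PUT=ROLE_ADMINISTRATOR\n"

if __name__ == "__main__":
    for name, text in (("lax", LAX), ("locked", LOCKED)):
        for r in anonymous_get_rules(parse_rules(text)):
            print(f"{name}: line {r.line_no}: anonymous GET allowed on {r.pattern}")
```

A finding on a broad pattern such as `/**` means restconfig resources, including datastore connection parameters, are readable without credentials.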

For 1.7.x

A patch has been created for 1.7.x users as well.

A recent post describes a security issue with RESTful services in GeoServer that was fixed for GeoServer 2.0.1. A patch has been created for 1.7.x and is now available. Any users using the restconfig plugin with GeoServer 1.7 are urged to apply the patch.

Note that by applying the patch the same rules as described here apply. Users will have to either update systems that rely on anonymous access via GET operations or alternatively configure the security subsystem to allow them.

Try it out. Please report any issues to the GeoServer users list. Thanks for using GeoServer!

Open up GIS Data in India for Public Innovation

2010 January 21

I presented at Map India 2010 in Gurgaon, India. At the plenary session, the speaker from the Indian Space Research Organization (ISRO) shared his future vision of GIS and also showed the rich collection of data they have in their repository and their plans for future data development. Alas, the data is only available to Government departments and agencies upon registration.

It is time the Government of India gave us individuals free access to the non-personal and non-sensitive data so that we can create innovative solutions out of it. Even if the data is non-downloadable, the Government can expose it via OGC Web Services for us to consume. It should be free for non-commercial and social use. If the data is used for commercial purposes, the Government can license it and earn revenue too.

There are more people outside of government who have the skills and abilities to make wonderful things out of this data.

The USA has done it via Data.gov. Recently, the UK has also made non-personal data available to the public through Data.gov.uk. What is more inspiring is the UK site’s tagline – Unlocking Innovation.

Maybe it’s time for the government to change the Indian Map Policy. The rich data repository created with the tax payer’s money should be made available to the tax payer. Are the roads made with our tax money meant to be used only by government cars? No. Then why the data?

Pizza Analytics prototype based on ArcGIS Flex API

2009 October 19

A prototype application in Adobe Flex using the ArcGIS Flex API, ArcGIS Online data and GeoServer WMS.

This example has:

  1. Drive Time Calculation
  2. Radial Rings
  3. Driving Directions

The Drive Time Calculation shows how many blocks can be covered in under 2 minutes for a Pizza delivery. It also gives a demographic profile by age for each block group. The results are displayed using Flex Charts.

The Radial Demographic feature gives the population within a 2, 3 and 4 mile radius of a location.

Update: This demo has two layers (one point and one polygon) coming from a GeoServer WMS rendered using “WMSMapServiceLayer” AS Class.

Click here to launch the prototype.

Google Maps Content – Happy to eat, but won’t pay!

2009 October 8
by geoux

Google Maps has a Map Content Partner program. This lets you share your map data with Google. Interesting.

BUT. Google will not pay you for the content you provide. As their FAQ says:

Licensing Your Map Content to Google: Will Google pay to use my organization’s map content?
We are happy to incorporate your map content in Google’s services at no cost to your organization, but we generally do not pay for the content types we welcome through Google’s Map Content Partner programs.

Yeah! We are so magnanimous that we are ready to provide content for an excellent service for free. It does not matter that Google can, in turn, charge hefty sums from others for their API.

Did I hear somebody say there are no free lunches in the world?

Adobe AIR 2.0 Enhancements

2009 October 8
by geoux

Nice post by Elad Elrom at InsideRIA on Adobe AIR 2.0 enhancements titled AIR 2 Enhancements Complete Overview.

Some of the topics covered that sound interesting are:

New functionality in AIR 2.0

AIR 2.0 adds new functionality that was not included in previous versions of AIR. They include:

  • New networking support – new socket class, wired and wireless network interfaces, and DNS records.
  • Native processes – API that allows launching and interacting with native processes.
  • Screen reader – API that supports screen reader.
  • File Promises – API that allows you to drag virtual files to local file systems.