On 15.12.2014 22:45, Rahkonen Jukka (Tike) wrote: > 1) OpenJUMP does not support very well authentication. All it can do is to > add user:password before the base URL as > https://user:password@base_url.<https://user:password@base_url./>
we could obfuscate that behind an authentication prompt UI. not sure it is worth the effort, as the user editing should be the user needing the data and hence knowing the credentials to that wms server anyway. you might sway my opinion here. >This is not the same URL that is advertised for GetMap because GetCapabilities >document hopefully does not show the user name and password as plain text already fixed that locally, it reuses the credentials of the GetCap request if the advertised GetMap url does not contain any, just for the weird case they deliver creds. the credentials are still shown in the text field though. additionally working on adding a possibility to modify wms url in WMSQueryEditor later. > > 2) The user:password in OpenJUMP is really tested only with https. Basic > authentication withour https does not make much sense because credentials are > too easy to capture from unsecured traffic. However, the server that Andrei > is using does exactly use basic auth over plain http. right. http auth without encrypted transport layer is negligently insecure. still, if the server is configured without SSL, who are we to judge and prohibit access via plain HTTP. ..ede ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ Jump-pilot-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel
