You are viewing a plain text version of this content. The canonical link for it is here.
Posted to batik-users@xmlgraphics.apache.org by Andreas Neumann <ne...@karto.baug.ethz.ch> on 2006/08/11 12:52:02 UTC
Batik Squiggle not sending referer in http request
Hello,
I am planning to publish an SVG map which uses a WMS service (webmapping
service) to include raster images as map background.
Since the WMS publishes commercial data, I was asked to secure the WMS
such, that only requests can be made which originate from our domain,
e.g. from the SVG that requests the map. I have a way to restrict this
in Apache by using the referer information. If a request has been made
from my own domain (or specific files), access is granted, otherwise not.
While this works fine in Mozilla, Safari and Opera, it seems that Batik
Squiggle does not send the referer attribute (in my logfile this field
is empty) and access therefore doesn't work with Batik.
Would it be possible to enhance Batik Squiggle such that it correctly
sends the referer information in the http request?
Thanks a lot for your help,
Andreas
--
----------------------------------------------
Andreas Neumann
Institute of Cartography
ETH Zurich
Wolfgang-Paulistrasse 15
CH-8093 Zurich, Switzerland
Phone: ++41-44-633 3031, Fax: ++41-44-633 1153
e-mail: neumann@karto.baug.ethz.ch
www: http://www.carto.net/neumann/
SVG.Open: http://www.svgopen.org/
Carto.net: http://www.carto.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: batik-users-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: batik-users-help@xmlgraphics.apache.org
Re: [linux] Batik Squiggle not sending referer in http request
Posted by Andreas Neumann <ne...@karto.baug.ethz.ch>.
I am aware that people can manipulate the referer, but as the WMS is
currently configured, anyone can just use the service and embed it into
their own application, which would not only cause additional traffic on
my server, but would also be problematic from a copyright point of view.
Unfortunately, in Europe, geodata isn't free, and therefore we have to
protect it, at least to a certain extent.
I am also aware that the images end up in the cache and anyone can copy
them, but the referer thing is not to prevent people stealing single
images (I don't care about that), but to prevent people building bigger
or even commercial services around my WMS, without asking the data
distributor for permission.
If I am unable to secure the WMS to a certain extent, I am not allowed
to publish the service, which would be sad.
Anyway, it would be useful, if Batik would send the referer data, also
for webserver logfile statistics.
Andreas
Michael Mosmann wrote:
>Am Freitag, den 11.08.2006, 12:52 +0200 schrieb Andreas Neumann:
>
>
>>Hello,
>>
>>I have a way to restrict this
>>in Apache by using the referer information. If a request has been made
>>from my own domain (or specific files), access is granted, otherwise not.
>>
>>
>
>This is only a soft protection, cause proxy or application can
>manipulate this header entry. So if i want to access your service i
>would fake this header information.
>
>mm:)
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: batik-users-unsubscribe@xmlgraphics.apache.org
>For additional commands, e-mail: batik-users-help@xmlgraphics.apache.org
>
>
>
--
----------------------------------------------
Andreas Neumann
Institute of Cartography
ETH Zurich
Wolfgang-Paulistrasse 15
CH-8093 Zurich, Switzerland
Phone: ++41-44-633 3031, Fax: ++41-44-633 1153
e-mail: neumann@karto.baug.ethz.ch
www: http://www.carto.net/neumann/
SVG.Open: http://www.svgopen.org/
Carto.net: http://www.carto.net/
---------------------------------------------------------------------
To unsubscribe, e-mail: batik-users-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: batik-users-help@xmlgraphics.apache.org
Re: [linux] Batik Squiggle not sending referer in http request
Posted by Michael Mosmann <mi...@mosmann.de>.
Am Freitag, den 11.08.2006, 12:52 +0200 schrieb Andreas Neumann:
> Hello,
>
> I have a way to restrict this
> in Apache by using the referer information. If a request has been made
> from my own domain (or specific files), access is granted, otherwise not.
This is only a soft protection, cause proxy or application can
manipulate this header entry. So if i want to access your service i
would fake this header information.
mm:)
---------------------------------------------------------------------
To unsubscribe, e-mail: batik-users-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: batik-users-help@xmlgraphics.apache.org
Re: Batik Squiggle not sending referer in http request
Posted by th...@kodak.com.
Hi Andreas,
Andreas Neumann <ne...@karto.baug.ethz.ch> wrote on 08/11/2006 06:52:02
AM:
> While this works fine in Mozilla, Safari and Opera, it seems that Batik
> Squiggle does not send the referer attribute (in my logfile this field
> is empty) and access therefore doesn't work with Batik.
>
> Would it be possible to enhance Batik Squiggle such that it correctly
> sends the referer information in the http request?
This is actually fairly difficult to implement the way things are
right now. There is currently no link between the URL loading code
and the document that requests it.
It has become increasingly clear that some form of link is desirable
for a number of use cases, however this would be a fairly large change
in the code and if not done well could make the code fairly ugly...
---------------------------------------------------------------------
To unsubscribe, e-mail: batik-users-unsubscribe@xmlgraphics.apache.org
For additional commands, e-mail: batik-users-help@xmlgraphics.apache.org