Skip to content. Skip to navigation

UMN MapServer

Sections

Personal tools

Log in
Join

You are here: Home → Documentation → References → msencrypt

11. msencrypt

Document Actions

Previous: tile4ms

Jump to:

Encryption utility

Purpose:	Used to create an encryption key or to encrypt portions of connection strings for use in mapfiles (added in v4.10) . Typically you might want to encrypt portions of the CONNECTION parameter for a database connection. The following CONNECTIONTYPEs are supported for using this encryption method: OGR Oracle Spatial PostGIS SDE
Syntax:	To create a new encryption key: msencrypt -keygen [key_filename] To encrypt a string: msencrypt -key [key_filename] [string_to_encrypt]
Use in Mapfile:	The location of the encryption key can be specified by two mechanisms, either by setting the environment variable MS_ENCRYPTION_KEY or using a CONFIG directive in the MAP object of your mapfile. For example: CONFIG MS_ENCRYPTION_KEY "/path/to/mykey.txt" Use the { and } characters as delimiters for encrypted strings inside database CONNECTIONs in your mapfile. For example: CONNECTIONTYPE ORACLESPATIAL CONNECTION "user/{MIIBugIBAAKBgQCP0Yj+Seh8==}@service"
Example:	(note: the following PostGIS example requires at least MapServer 5.0.3 or 5.2) Let's say we have a LAYER that uses a POSTGIS connection as follows: LAYER NAME "provinces" TYPE POLYGON CONNECTIONTYPE POSTGIS CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password=iluvyou18 port=5432" DATA "the_geom FROM province using SRID=42304" STATUS DEFAULT CLASS NAME "Countries" COLOR 255 0 0 END END Here are the steps to encrypt the password in the above connection: Generate an encryption key (note that this key should not be stored anywhere within your web server's accessible directories): msencrypt -keygen "E:\temp\mykey.txt" And this generated key file might contain something like: 2137FEFDB5611448738D9FBB1DC59055 Encrypt the connection's password using that generated key: msencrypt -key "E:\temp\mykey.txt" "iluvyou18" Which returns the password encrypted, at the commandline (you'll use it in a second): 3656026A23DBAFC04C402EDFAB7CE714 Edit the mapfile to make sure the 'mykey.txt' can be found, using the "MS_ENCRYPTION_KEY" environment variable. The CONFIG parameter inside the MAP object can be used to set an environment variable inside a mapfile: MAP ... CONFIG "MS_ENCRYPTION_KEY" "E:/temp/mykey.txt" ... END #mapfile Modify the layer's CONNECTION to use the generated password key, making sure to use the “{}” brackets around the key: CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password={3656026A23DBAFC04C402EDFAB7CE714} port=5432" Done! Give your new encrypted mapfile a try with the shp2img utility!

Previous: tile4ms

by Daniel Morissette — last modified 2008-04-07 13:13

Contributors: Steve Lime, Jeff McKenna