Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Q. Is our proprietary WMS source (e.g. aerial photography) in our public Weave site accessible by public users to exploit?
 
A. Technically speaking - yes. Users can decode the URLs, but the effort required to do this and gain access to data would be so huge as to make it not worth the effort. When a map is requested from the browser it uses Weave own internal message format to communicate with the server.  This format is loosely based around the REST standard.  To make it harder for people to gain access to the maps from outside Weave we have deliberately not used a well-known standard like WMS or ArcGIS Servers REST API. Weave client URLs do not have the layer name actually listed, instead it uses layer numbers. When translating the request at the server Weave will use the layer identifiers to call the appropriate layer matching that ID. To make things more secure the layer identifiers can change over time.
 
More Detail.....
 
The following is a typical URL call to Weave for map data:

"http://server:port/weave/server/request/execute.do?crs=EPSG%3A28355&mapengine.id=mapengine.mann.vector&_OLSALT=0.1486232141032815&request.id=com.cohga.GetMap&request.format=json&request.context=%7B%22core%22%3A%7B%22entity%22%3A%22prop_layer%22%7D%7D&request.data=%7B%22map%22%3A%7B%22layerids%22%3A%5B180%2C183%2C184%2C187%2C188%2C189%2C190%5D%2C%22extent%22%3A%7B%22crs%22%3A%22EPSG%3A28355%22%2C%22minx%22%3A333252.38612729765%2C%22miny%22%3A5817770.593545006%2C%22maxx%22%3A346097.61385022977%2C%22maxy%22%3A5821423.7024559425%7D%2C%22scale%22%3A49844.88541844%7D%2C%22image%22%3A%7B%22type%22%3A%7B%22returnType%22%3A%22MIMEDATA%22%7D%2C%22display%22%3A%7B%22size%22%3A%7B%22width%22%3A974%2C%22height%22%3A277%7D%7D%2C%22opacity%22%3A1%7D%7D"
Decoding the URL returns the following:http://server:port/weave/server/request/execute.do?crs=EPSG:28355&mapengine.id=mapengine.mann.vector&_OLSALT=0.1486232141032815&request.id=com.cohga.GetMap&request.format=json&request.context=

Unknown macro: {"core"}

&request.data=

Unknown macro: {"map"}

 
Note in the above how we do not have the layer name actually listed, instead we use layer numbers ("layerids":[180,183,184,187,188,189,190]). When translating the request at the server Weave will use the ids to call the appropriate layer matching that ID.
 
If a person was to try and gain access to the a raw image from Weave they would need to:
* Know the URL required to request the image from Weave
* Know the correct URL format to request a layer
* Know the correct layer ids for a particular layer (if the layer order is changed in the map engine the layer ids change)
* In order to get a seamless image at any location the person will have to issue multiple requests knowing how to stich up the images.
 
Like Weave, Google implements a way where they hide the resulting tiles from the user.  It is possible to get these tiles however the work you would need to do to successfully complete would be far greater than simply paying a license.

  • No labels