Securing Web Mapping Services (WMS)

Owned by Peter James
Last updated: 26 Aug, 2014Version comment
1 min read

Q. Is our proprietary WMS source (e.g. aerial photography) in our public Weave site accessible by public users to exploit?
 
A. When a map is requested from the browser it uses Weave own internal message format to communicate with the server.  This format is loosely based around the REST standard.  To make it harder for people to gain access to the maps from outside Weave we have deliberately not used a well-known standard like WMS or ArcGIS Servers REST API. Weave client URLs do not have the layer name actually listed. When translating the request at the server Weave will use layer identifiers to call the appropriate layer. To make things more secure the layer identifiers can also change over time.