msencrypt

Purpose

Used to create an encryption key or to encrypt portions of connection strings for use in mapfiles (added in v4.10). Typically you might want to encrypt portions of the CONNECTION parameter for a database connection. The following CONNECTIONTYPEs are supported for using this encryption method:

OGR
Oracle Spatial
PostGIS
SDE

Syntax

To create a new encryption key:

msencrypt -keygen [key_filename]

To encrypt a string:

msencrypt -key [key_filename] [string_to_encrypt]

Use in Mapfile

The location of the encryption key can be specified in one of two ways: by setting the environment variable MS_ENCRYPTION_KEY, or by using a CONFIG directive in the MAP object of your mapfile. For example:

CONFIG MS_ENCRYPTION_KEY "/path/to/mykey.txt"

Use the { and } characters as delimiters for encrypted strings inside database CONNECTIONs in your mapfile. For example:

CONNECTIONTYPE ORACLESPATIAL
CONNECTION "user/{MIIBugIBAAKBgQCP0Yj+Seh8==}@service"

Example

LAYER
  NAME "provinces"
  TYPE POLYGON
  CONNECTIONTYPE POSTGIS
  CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password=iluvyou18 port=5432"
  DATA "the_geom FROM province using SRID=42304"
  STATUS DEFAULT
  CLASS
    NAME "Countries"
    COLOR 255 0 0
  END
END

Here are the steps to encrypt the password in the above connection:

  1. Generate an encryption key (note that this key should not be stored anywhere within your web server’s accessible directories):

     msencrypt -keygen "E:\temp\mykey.txt"

     The generated key file might contain something like:

     2137FEFDB5611448738D9FBB1DC59055

  2. Encrypt the connection’s password using that generated key:

     msencrypt -key "E:\temp\mykey.txt" "iluvyou18"

     This prints the encrypted password on the command line (you’ll use it in a second):

     3656026A23DBAFC04C402EDFAB7CE714

  3. Edit the mapfile so that ‘mykey.txt’ can be found through the “MS_ENCRYPTION_KEY” environment variable. The CONFIG parameter inside the MAP object can be used to set an environment variable inside a mapfile:

     MAP
         ...
         CONFIG "MS_ENCRYPTION_KEY" "E:/temp/mykey.txt"
         ...
     END #mapfile

  4. Modify the layer’s CONNECTION to use the encrypted password, making sure to put the “{}” brackets around it:

     CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password={3656026A23DBAFC04C402EDFAB7CE714} port=5432"

  5. Done! Give your new encrypted mapfile a try with the shp2img utility!
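
The steps above can be checked after the fact. The following is an added example, not part of the MapServer documentation or code: a small Python audit that flags key=value CONNECTION strings (as in the PostGIS example) whose password is not wrapped in { }, and an MS_ENCRYPTION_KEY path that lies inside the web root. The function name audit_mapfile, the web root E:/www/htdocs and the sample mapfile are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: the page's example layer, with one connection already
# encrypted and one still carrying a cleartext password.
SAMPLE_MAPFILE = '''\
MAP
  CONFIG "MS_ENCRYPTION_KEY" "E:/www/htdocs/mykey.txt"
  LAYER
    NAME "provinces"
    CONNECTIONTYPE POSTGIS
    CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password=iluvyou18 port=5432"
  END
  LAYER
    NAME "roads"
    CONNECTIONTYPE POSTGIS
    CONNECTION "host=127.0.0.1 dbname=gmap user=postgres password={3656026A23DBAFC04C402EDFAB7CE714} port=5432"
  END
END
'''

CONNECTION_RE = re.compile(r'^\s*CONNECTION\s+"([^"]*)"', re.I)
KEY_RE = re.compile(r'^\s*CONFIG\s+"?MS_ENCRYPTION_KEY"?\s+"([^"]*)"', re.I)
PASSWORD_RE = re.compile(r'\bpassword=(\S+)', re.I)

def _parts(path):
    # Compare paths case-insensitively with either slash style (Windows or POSIX).
    return tuple(p.lower() for p in PurePosixPath(path.replace("\\", "/")).parts)

def audit_mapfile(text, web_root):
    """Return (line_number, message) findings for a mapfile's text."""
    findings = []
    root = _parts(web_root)  # web_root is an assumed, site-specific directory
    for lineno, line in enumerate(text.splitlines(), start=1):
        conn = CONNECTION_RE.match(line)
        if conn:
            for value in PASSWORD_RE.findall(conn.group(1)):
                # msencrypt output is only decrypted when wrapped in { }
                if not (value.startswith("{") and value.endswith("}")):
                    findings.append((lineno, "cleartext password in CONNECTION"))
        key = KEY_RE.match(line)
        if key and _parts(key.group(1))[:len(root)] == root:
            findings.append((lineno, "encryption key is inside the web root"))
    return findings

if __name__ == "__main__":
    for lineno, message in audit_mapfile(SAMPLE_MAPFILE, "E:/www/htdocs"):
        print(f"line {lineno}: {message}")
```

The Oracle-style "user/{...}@service" form shown earlier is not covered by this check, which only looks at password= pairs.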