I have certain layers in my getCapabilities document which I would like to protect because they contain sensitive information. I would like to serve the layers at all scales to trusted people in an openlayers map and restrict the layer to a certain scale (using sld max-scale-denominator) for others.
If I make the layer "not published",but then embed the layer in an openlayers map, then I can still look in the source code, find the layer url and layer name, and add this to the wfs getfeature url for the layer thus downloading the geometries and data.
I would ideally like to password protect the layer from within the application (I don´t want the user to have to know another password to access the layer) but don´t know how this would work. I have
read about the http basic authentication but don´t really know how to implement it.