Hi all
I was wondering how to block general access to BaseX when using RESTXQ. Our
javascript/jquery web-application communicates with BaseX using commands
like:
$('#myobject').load('objects')
where the term 'objects' is defined as a path in a .xqm-file.
declare %rest:path("/objects")
However, databases are exposed using the URL "/rest" which seems built into
the rest-module. For example, in the javascript/jquery console (f.ex. in
Chrome ), a div could be filled up with content outside of the application
by typing things like:
$('div').load('rest/my_database')
and general queries could be made using the rest-interface
http://docs.basex.org/wiki/REST.
Is there a way to prevent this, while at the same time using BaseX as
web-server (one way is to use BaseX only as a backend database)? Or how to
limit the URLs permitted?
Best
Lars
