Dear Radim,

Welcome to the list.

> 1) BaseX GUI is automatically opened with administration permissions without
> any login request. Can it be fixed?

As the GUI has been designed for local standalone usage, no user can be specified. If you plan to use BaseX in a distributed environment, the DBA web interface may be the better choice.

> 2) Once a user is created in a database, he or she has the same rights in all
> databases. Can it be fixed so the user has particular permission per
> database?

That’s possible. By default, new users have no permissions, and you can assign user names and patterns to databases [1].

> 3) Or better, would it be possible to set user permission per collection
> (like in Sedna or MonoDB)?

In BaseX, user permissions are always defined for databases.

> 4) I can see the users are stored in users.xml file, including with their
> permission and hashed password. It is a security issue for us because the
> digest hash can be decrypted in a few seconds. Is it possible to obscure that
> sensitive information, or to not store it in the file?

How would you proceed to decode it that quickly? – The digest hash is only required for HTTP digest authentication; feel free to remove it from the users.xml file.

> 5) All queries are stored in logs. Queries for user creation or password
> change are stored in plain text there. Is there a way to obscure that
> sensitive information?

Passwords won’t be stored in the logs, so you’ll be safe.

> 6) It only is possible to create BaseX users. Is Active Directory account
> support in road-map, especially support for AD groups? It would be much
> appreciated.

Not yet. Sorry, I cannot give you any timeline, because it currently has no high priority for us.

> 7) BaseX supports http protocol. Is it possible to make it work with https
> protocol as well?

Absolutely.

Hope this helps,
Christian

[1] http://docs.basex.org/wiki/User_Management
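
One way to apply the suggestion in answer 4, as an added example that is not part of the original message and not BaseX's own code: it removes digest entries from a users.xml document but skips any user whose only stored password is the digest. The element layout (`<user>` with `<password algorithm="...">` children), the function name and all sample values are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the element layout is an assumption about users.xml,
# and the hash/salt values are placeholders, not real credentials.
SAMPLE_USERS_XML = """<users>
  <user name="admin" permission="admin">
    <password algorithm="digest"><hash>PLACEHOLDER_DIGEST</hash></password>
    <password algorithm="salted-sha256">
      <salt>PLACEHOLDER_SALT</salt><hash>PLACEHOLDER_HASH</hash>
    </password>
  </user>
  <user name="legacy" permission="read">
    <password algorithm="digest"><hash>PLACEHOLDER_DIGEST</hash></password>
  </user>
</users>"""


def strip_digest_hashes(xml_text):
    """Remove digest password entries; return (new_xml, report).

    report maps user name -> "stripped", "unchanged", or "skipped"
    (skipped: the digest is the user's only password entry, so removing
    it would leave the account without any stored credential).
    """
    root = ET.fromstring(xml_text)
    report = {}
    for user in root.iter("user"):
        entries = user.findall("password")  # direct children only
        digests = [p for p in entries if p.get("algorithm") == "digest"]
        if not digests:
            report[user.get("name")] = "unchanged"
        elif len(digests) == len(entries):
            report[user.get("name")] = "skipped"
        else:
            for p in digests:
                user.remove(p)
            report[user.get("name")] = "stripped"
    return ET.tostring(root, encoding="unicode"), report


if __name__ == "__main__":
    new_xml, report = strip_digest_hashes(SAMPLE_USERS_XML)
    print(report)
    print(new_xml)
```

Users reported as "stripped" can no longer authenticate via HTTP digest authentication, which is the only place the reply says that hash is needed.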