Dear Radim,

just two little additions to Christian's excellent answer: If you are
able to decrypt a salted SHA256 hashed password in "a few seconds"
please tell me how - Man, that would be a hack worth millions of dollars
so I would like to cash in ;)

On a more serious note: Keep in mind that although we do not have AD support
now, it is always possible to sponsor a feature, i.e. giving us some
money (this is where the millions of money from the SHA256 hack come in
handy!) so we have the time to develop this feature. Of course it is
also always possible to add this feature yourself and send us a pull
request.

Cheers

Dirk


On 06/05/2017 11:37 AM, Christian Grün wrote:
> Dear Radim,
>
> Welcome to the list.
>
>> 1) BaseX GUI is automatically opened with administration permissions without
>> any login request. Can it be fixed?
> As the GUI has been designed for local standalone usage, no user can
> be specified. If you plan to use BaseX in a distributed environment,
> the DBA web interface may be the better choice.
>
>
>> 2) Once a user is created in a database, he or she has the same rights in all
>> databases. Can it be fixed so the user has particular permission per
>> database?
> That’s possible. By default, new users have no permissions, and you
> can assign user names and patterns to databases [1].
>
>> 3) Or better, would it be possible to set user permission per collection
>> (like in Sedna or MongoDB)?
> In BaseX, user permissions are always defined for databases.
>
>> 4) I can see the users are stored in the users.xml file, including their
>> permission and hashed password. It is a security issue for us because the
>> digest hash can be decrypted in a few seconds. Is it possible to obscure that
>> sensitive information, or to not store it in the file?
> How would you proceed to decode it that quickly? – The digest hash is
> only required for HTTP digest authentication; feel free to remove it
> from the users.xml file.
>
>
>> 5) All queries are stored in logs. Queries for user creation or password
>> change are stored in plain text there. Is there a way to obscure that
>> sensitive information?
> Passwords won’t be stored in the logs, so you’ll be safe.
>
>
>> 6) It only is possible to create BaseX users. Is Active Directory account
>> support in road-map, especially support for AD groups? It would be much
>> appreciated.
> Not yet. Sorry, I cannot give you any timeline, because it currently
> has no high priority for us.
>
>
>> 7) BaseX supports the http protocol. Is it possible to make it work with the https
>> protocol as well?
> Absolutely.
>
> Hope this helps,
> Christian
>
> [1] http://docs.basex.org/wiki/User_Management

-- 
Dirk Kirsten, BaseX GmbH, http://basexgmbh.de
|-- Firmensitz: Blarerstrasse 56, 78462 Konstanz
|-- Registergericht Freiburg, HRB: 708285, Geschäftsführer:
|   Dr. Christian Grün, Dr. Alexander Holupirek, Michael Seiferle
`-- Phone: 0049 7531 91 68 276, Fax: 0049 7531 20 05 22
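As an added illustration of the two points discussed in the thread (a salted SHA-256 password hash versus the separate HTTP digest hash, and Christian's suggestion to remove the digest hash from users.xml when HTTP digest authentication is not needed), here is a small Python example. It is not BaseX's own code: the exact layout of users.xml, the element and attribute names, and the construction `sha256(salt + password)` are assumptions, and the sample document is constructed for the demo. Check your installation's actual file before adapting the stripping helper.

```python
"""Added example, not part of the BaseX project: salted SHA-256 password
hashing/verification, and a helper that drops HTTP-digest hash entries from
a users.xml-style document. Element names and hash construction are assumed."""
import hashlib
import secrets
import xml.etree.ElementTree as ET
from typing import Dict, Optional, Tuple


def hash_password(password: str, salt: Optional[str] = None) -> Tuple[str, str]:
    """Return (salt, hex_hash).

    A fresh 16-byte random salt is generated unless one is supplied (as is
    done during verification). The per-user salt is what prevents a single
    precomputed table from being reused against every stored hash.
    Assumed construction: sha256(salt || password)."""
    if salt is None:
        salt = secrets.token_hex(16)
    digest = hashlib.sha256((salt + password).encode("utf-8")).hexdigest()
    return salt, digest


def verify_password(password: str, salt: str, expected_hash: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return secrets.compare_digest(candidate, expected_hash)


# Constructed sample resembling a users.xml; the element names are assumptions,
# and the hash values are placeholders, not real credentials.
SAMPLE_USERS_XML = """<users>
  <user name="radim" permission="none">
    <password algorithm="salted-sha256">
      <salt>0123456789abcdef0123456789abcdef</salt>
      <hash>PLACEHOLDER_SALTED_HASH</hash>
    </password>
    <password algorithm="digest">
      <hash>PLACEHOLDER_DIGEST_HASH</hash>
    </password>
  </user>
</users>"""


def count_algorithms(xml_text: str) -> Dict[str, int]:
    """Count <password> entries per algorithm attribute (for before/after checks)."""
    root = ET.fromstring(xml_text)
    counts: Dict[str, int] = {}
    for pw in root.iter("password"):
        alg = pw.get("algorithm", "?")
        counts[alg] = counts.get(alg, 0) + 1
    return counts


def strip_digest_hashes(xml_text: str) -> Tuple[str, int]:
    """Remove <password algorithm="digest"> entries from every user.

    This mirrors Christian's advice: the digest hash only serves HTTP digest
    authentication, so it can be dropped when that mechanism is not used.
    Returns (new_xml, number_of_entries_removed)."""
    root = ET.fromstring(xml_text)
    removed = 0
    for user in root.findall("user"):
        for pw in list(user.findall("password")):
            if pw.get("algorithm") == "digest":
                user.remove(pw)
                removed += 1
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    salt, stored = hash_password("correct horse battery staple")
    print("salt:", salt, "hash:", stored)
    print("verify ok:", verify_password("correct horse battery staple", salt, stored))
    print("before:", count_algorithms(SAMPLE_USERS_XML))
    cleaned, n = strip_digest_hashes(SAMPLE_USERS_XML)
    print("removed", n, "digest entries; after:", count_algorithms(cleaned))
```

Run it directly to see a fresh salt and hash each time (two users with the same password get different hashes), and the before/after algorithm counts for the constructed users.xml. Stop the server before editing the real file, and keep a backup.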
