The change is not a problem for me, but I am not a security expert ;-)
However if it stays then I guess it means the -U and -P options to
basexhttp are being silently ignored.
I think something like the existdb approach would be more what I would
expect.
The ability to config a default http user
Hi Andy,
I think something like the existdb approach would be more what I would
expect.
The ability to config a default http user with reduced permissions, and then
a way to change the user associated with the session
e.g. session:set-current-user
So does this mean all restxq code always runs as admin and can do anything?
On 12 Jan 2015 17:37, Christian Grün christian.gr...@gmail.com wrote:
Hi Andy,
With BaseX 8.0, no authentication is required anymore when using
RESTXQ, because all code to be executed is defined server-side. This
Hi,
Just investigating user handling, I am using the latest snapsnap.
I start basexhttp with -U guest -P guest
and/or I set org.basex.user and org.basex.password in web.xml
Sometimes I have created a user ( guest with password guest) and permission
none via dba. Sometimes I have deleted the
4 matches
Mail list logo