There are several people who are using the embedded driver on this list. I wrote an XML Server. I can send it requests like "select customer from customers where lastname = 'Stang'". It is a stand-alone process. It communicates via JMS. So, my Clients "publish" requests for data and my server "subscribes" to those types of requests. When a request comes in, it processes it and "publishes" the response back to the clients.
With the old version of Xindice, I had to have a seperate Xindice process running. So, I had a JMS Server, a Cybershop Server and Xindice Server all running. To make things more interesting, I used JBoss for my JMS server, a little overkill :-). By using the embedded version I can eliminate one process. With the elimination of the whole CORBA thing, I might be able to use XmlBlaster. I decided to have a single process non-server version of my application. By using the embedded version in my client, I can remove all the other server processes. This is great for demo programs and for Customers who might want to try before they buy. I can send them the embedded version/single user and they can key in real data and see the application in action. If they decide to buy, I ship them the server jars, start the server processes using the data from the embedded version and they don't loose anything. With the single user version, I can "upgrade" my customers to a multi-user version without having to re-install the entire application. I change one jar on the client, install the server, move the db directory and I am done. >From a security point of view, I am going to have to provide some Authentication and some Authorization checking. I was hoping to see it as part of the core Xindice. I will need a list of Users and Passwords to Authenticate my clients. The Authorization is a little more complicated. My only concern is that Xindice gets an extra layer on top of what is already there that I won't have any use for. I would like to see the embedded driver be able to bypass the security. I think it should either be an API on top of the embedded driver. ciao, Mark Gianugo Rabellino wrote: > Mark J. Stang wrote: > > How do you see this working in the embedded mode? > > > > I don't see it as an issue. But first I have to confess that I still > have to be convinced that including the embedded driver in the Xindice > core is a Good Thing. I don't use it, and don't plan to, so I'm almost > totally ignorant on that particular implementation. But: > > 1. I don't see any reason for this architecture not to work in embedded > mode too. True, there are major security issues, i.e. you can always get > access to the internal API, which leads us to: > > 2. security in an embedded environment doesn't make much sense. When you > are on the same VM, you are on the same machine, running your "client" > processes with the same privileges as the "server" process, and can do > almost everything. Probably you would have to play with Java security > policies to have some acceptable security level, but again I don't see > this as a strict requirement. > > Ciao, > > -- > Gianugo Rabellino -- Mark J Stang System Architect Cybershop Systems
begin:vcard n:Stang;Mark x-mozilla-html:TRUE adr:;;;;;; version:2.1 email;internet:[EMAIL PROTECTED] fn:Mark Stang end:vcard
