Vadim Gritsenko wrote:
Honglin Ye wrote:
Hi, Vadim,
While I am trying to convince people here we can use
Xindice as our storage component, I found one thing we need
but not yet in xindice.
We need the access control. We can not let people who knows
the host and port to freely query xindice.
But, generally speaking, it should be behind a firewall.
I think it should be sufficient to enforce a 'password on
collections'.
If a password is set at the collection create time, the access to the
collection
and all the child collections later on requires the password. This can be
down on commandline and on programming call.
Do I think about the right thing?
Not exactly. The easiest (fastest) way to add simple username/password
protection is to do so by protecting xindice webapp in web.xml.
More complicated (and better) solution will use username/password
provided via Database.getCollection() and give/reject access to the
collection based on the authentication (password matches username), and
authorization (user is in the group which has access to the collection)
rules.
Authorization / authentication information should be stored in the db
itself, in system collection.
Vadim
Hi, Vadim,
Thanks. Is the solution you provide already in? I need 'the better'
solution.
I have to hide it from most people within firewall. Where is the instructions
for authentication stuff?
Honglin
