Hi,
I am a great fan of RESTXQ, however there seems to be a security concern with the current BaseX implementation when used without additional layers on top. This is that the source code is available for anyone to view. E.g. with the standard installation, http://localhost:8984/restxq/ is the restxq demo but http://localhost:8984/restxq.xqm reveals the source.
I have pondered small changes to the implementation that would address this, e.g. maybe the RESTXQ code could go in WEB-INF folders or similar.
Regards
/Andy
Message: 1
Date: Fri, 17 Aug 2012 14:26:12 -0400
From: Colin McEnearney colinmcenearney@gmail.com
To: basex-talk@mailman.uni-konstanz.de
Subject: [basex-talk] restxq
Message-ID: <CAPh7s+KPgb95fFRxGdyKUaKcv= pkV5LVhjUOR+EVOiqQmK2oWw@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
This is a newbie email.
I've been using basex for some time for its xquery engine (which is awesome) but never in production or for web development. I have some small projects coming up, and looking at it for the db side of a web app, I just noticed RESTXQ - looks really cool!
I'm not really a developer but I use xquery every day at work and so would love to use it - exclusively if possible. Does restxq mean that you can serve a site with no client (php, ruby, etc) in between the db and the html?
basex <-> html
That would be so simple and fun, and quite useful for a blog or other not-too-huge type of thing.
Or is that totally crazy for security reasons?
Colin
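The exposure Andy describes at the top of this thread can be checked on disk before deployment. The following is an added example, not part of either message and not BaseX code: it lists XQuery source files that sit outside WEB-INF in a web application directory, assuming the container serves that directory through a default static-file servlet. The extension list and the sample file names other than restxq.xqm are constructed for illustration.

```python
import os
import tempfile

# Assumption: files with these extensions are XQuery source that should not be downloadable.
SOURCE_EXTS = {".xqm", ".xq", ".xquery"}
# Servlet containers do not serve content under these top-level directories.
PROTECTED_DIRS = {"WEB-INF", "META-INF"}


def exposed_sources(webapp_root):
    """Return URL paths of XQuery source files reachable as static files."""
    exposed = []
    for dirpath, dirnames, filenames in os.walk(webapp_root):
        if dirpath == webapp_root:
            # Only the top-level WEB-INF / META-INF are protected; skip them.
            dirnames[:] = [d for d in dirnames if d.upper() not in PROTECTED_DIRS]
        for name in filenames:
            if os.path.splitext(name)[1].lower() in SOURCE_EXTS:
                rel = os.path.relpath(os.path.join(dirpath, name), webapp_root)
                exposed.append("/" + rel.replace(os.sep, "/"))
    return sorted(exposed)


def build_sample_webapp(root):
    """Constructed layout: modules at the web root, in a subfolder, and under WEB-INF."""
    for rel in ("restxq.xqm", "static/style.css",
                "admin/users.xqm", "WEB-INF/modules/blog.xqm"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("(: constructed sample :)\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_webapp(root)
        for url in exposed_sources(root):
            print("served as plain text:", url)
```

Any path it reports is a candidate for moving under WEB-INF or for an explicit deny rule in the container configuration.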