Can you provide more information on how this is implemented on the BaseX site?
[…] I was worried about the rest:query interface: I can make my PHP proxy do all the checking I would have done with cqi:nanny-says-ok(), but I can't prevent an adversary from sending an HTTP request directly to the BaseX server and bypassing the PHP proxy -- so I wanted to do my checking in XQuery.
I’d like to, but I must admit that the existing implementation includes some irrelevant indirections, which is one of the reasons (besides time constraints) why we haven’t made it public so far. The general principle is simple, however: the query is sent to the plain REST service of a remote BaseX HTTP Server, and the chosen user has read-only permissions. If you want to prevent the BaseX server from being visible and controllable from outside, you can, e.g., restrict the SERVERHOST option to localhost [1,2].
Maybe this already solves part of the challenge?
Christian
[1] http://docs.basex.org/wiki/Options#SERVERHOST [2] http://docs.basex.org/wiki/Startup_Options#BaseX_Server
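The arrangement Christian describes, as an added example that is not code from this thread, from BaseX, or from the poster's PHP proxy: a minimal forwarding proxy, written in Python rather than PHP, that applies its own policy check and then submits the query to the REST service of a BaseX HTTP server as a read-only user. The request body format (`<query xmlns="http://basex.org/rest"><text>…</text></query>` with optional `<variable>` elements) and HTTP Basic authentication are the documented BaseX REST interface; the loopback URL, the user name `reader`, its password and the `policy` callback are assumptions for the example. The query text is XML-escaped before it is wrapped, so a caller cannot close the `<text>` element and inject other REST elements into the envelope.

```python
"""Forwarding proxy for BaseX REST queries (added example, not BaseX code).

Assumed deployment: the BaseX HTTP server listens on 127.0.0.1 only, so this
proxy is the sole path by which outside clients reach it, and the proxy logs in
as a user that holds READ permission and nothing more.
"""
import base64
import urllib.error
import urllib.request
from xml.sax.saxutils import escape, quoteattr

BASEX_REST = "http://127.0.0.1:8984/rest"  # assumption: REST endpoint bound to loopback
READ_ONLY_USER = "reader"                   # assumption: GRANT READ TO reader, never WRITE
READ_ONLY_PASSWORD = "reader-secret"        # assumption: stored outside the web root
REST_NS = "http://basex.org/rest"


def rest_query_document(query, variables=None):
    """Build the XML body of a BaseX REST <query> request.

    escape()/quoteattr() turn <, & and quotes in the caller-supplied query text
    and variable values into entities, so the text stays inside <text> and no
    further REST elements (e.g. <option> or <variable>) can be smuggled in.
    """
    parts = ['<query xmlns="%s">' % REST_NS, "<text>%s</text>" % escape(query)]
    for name, value in (variables or {}).items():
        parts.append("<variable name=%s value=%s/>" % (quoteattr(name), quoteattr(value)))
    parts.append("</query>")
    return "".join(parts).encode("utf-8")


def basic_auth_header(user, password):
    """HTTP Basic credentials of the read-only user, as BaseX REST expects them."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode("utf-8")).decode("ascii")
    return "Basic " + token


def build_request(query, variables=None, rest_url=BASEX_REST,
                  user=READ_ONLY_USER, password=READ_ONLY_PASSWORD):
    """POST request for the query, authenticated as the read-only user."""
    req = urllib.request.Request(rest_url, data=rest_query_document(query, variables),
                                 method="POST")
    req.add_header("Content-Type", "application/xml")
    req.add_header("Authorization", basic_auth_header(user, password))
    return req


def forward_query(query, variables=None, policy=None, timeout=10.0):
    """Apply the proxy-side policy, then forward. Returns (HTTP status, body).

    `policy` is a callable (query, variables) -> bool standing in for whatever
    checks the proxy performs (the poster's cqi:nanny-says-ok() lives here).
    A refused query is answered locally and never reaches BaseX; everything
    that does reach BaseX runs with read-only permissions regardless.
    """
    if policy is not None and not policy(query, variables or {}):
        return 403, b"query refused by proxy policy"
    req = build_request(query, variables)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        # BaseX reports query errors (and permission errors) as 4xx/5xx bodies.
        return err.code, err.read()


if __name__ == "__main__":
    # Needs a running BaseX HTTP server with the assumed user; otherwise the
    # connection fails at the socket level.
    status, body = forward_query("count(//*)", policy=lambda q, v: len(q) < 4096)
    print(status, body.decode("utf-8", "replace"))
```

On the BaseX side the assumed setup is a user created with `CREATE USER reader` and given `GRANT READ TO reader`, so that an updating expression submitted through the proxy is rejected by the server itself and not only by the proxy's policy. The linked SERVERHOST option restricts where the BaseX database server listens; check in your version's startup documentation which setting binds the HTTP server (the one serving REST) to localhost, because the proxy only removes the bypass the poster worries about if the REST endpoint is reachable from the proxy host alone.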