As someone coming at this from the other direction - I would like to allow dynamic execution of anything (given the appropriate passwords, of course). I am trying to implement  something similar to eXide [1]  to run on an Android phone. I am using <br>
<br><span style="font-family:courier new,monospace">client:connect(&#39;localhost&#39;, 1984, &#39;admin&#39;, &#39;admin&#39;) !<br>client:query(.,$src)    client:connect(&#39;localhost&#39;, 1984, &#39;admin&#39;, &#39;admin&#39;) !</span><br>
<br> to execute arbitrary strings  from a RESTXQ application. This does allow updating expressions. <br><br>I was surprised, but not too concerned, that &quot;file:list(&#39;.&#39;)&quot; requires create permission. I could not find this, or similar information in the Wiki. It would be a useful addition to document it there. <br>
<br> I believe, at the Java level, these permissions are described using an annotation and I wonder if there would be value in surfacing these as a custom BaseX annotation in the module function stubs in etc\modules and even allowing their use with pure XQuery code?<br>
<br>Regards<br>/Andy<br><br>[1] <a href="http://exist-db.org/exist/apps/eXide/docs/doc.html">http://exist-db.org/exist/apps/eXide/docs/doc.html</a><br><br><div class="gmail_quote">On Fri, Jun 28, 2013 at 9:20 AM, Christian Grün <span dir="ltr">&lt;<a href="mailto:christian.gruen@gmail.com" target="_blank">christian.gruen@gmail.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">&gt; Can you provide more information on how this is implemented on the<br>
&gt; BaseX site?<br>
&gt;<br>
</div>&gt; […] I was worried about the rest:query interface: I can<br>
<div class="im">&gt; make my PHP proxy do all the checking I would have done with<br>
&gt; cqi:nanny-says-ok(), but I can&#39;t prevent an adversary from sending an<br>
&gt; HTTP request directly to the BaseX server and bypassing the PHP proxy<br>
&gt; -- so I wanted to do my checking in XQuery.<br>
<br>
</div>I’d like to, but I must admit that the existing implementation<br>
includes some irrelevant indirections, which is one of the reasons<br>
(beside time constraints) why we didn’t make it public so far. The<br>
general principle is simple, however: the query is sent to the plain<br>
REST service of a remote BaseX HTTP Server, and the chosen user has<br>
read-only permissions. If you want to avoid that the BaseX server is<br>
visible and can be controlled from outside, you can e.g. restrict the<br>
SERVERHOST option to localhost [1,2].<br>
<br>
Maybe this already solves part of the challenge?<br>
Christian<br>
<br>
[1] <a href="http://docs.basex.org/wiki/Options#SERVERHOST" target="_blank">http://docs.basex.org/wiki/Options#SERVERHOST</a><br>
[2] <a href="http://docs.basex.org/wiki/Startup_Options#BaseX_Server" target="_blank">http://docs.basex.org/wiki/Startup_Options#BaseX_Server</a><br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
BaseX-Talk mailing list<br>
<a href="mailto:BaseX-Talk@mailman.uni-konstanz.de">BaseX-Talk@mailman.uni-konstanz.de</a><br>
<a href="https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk" target="_blank">https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk</a><br>
</div></div></blockquote></div><br>