Hi all, I'm in the beginning of a BaseX basexhttp installation on OpenShift. I'm using Openshift quick start for BaseX from Andy Bunce. For my tests, I'm working with a simple factbook-db. Everything is working, but I can't figure out, how to protect the database to be deleted via the REST-Interface: With a simple curl -i -X DELETE "http://xxx-xxx.rhcloud.com/rest/factbook" the Database is dropped. In the database, there is only the user admin. In web.xml the REST-servlet is configured with <servlet> <servlet-name>REST</servlet-name> <servlet-class>org.basex.http.rest.RESTServlet</servlet-class> <init-param> <param-name>org.basex.user</param-name> <param-value>admin</param-value> </init-param> <init-param> <param-name>org.basex.password</param-name> <param-value>xxx</param-value> </init-param> </servlet> <servlet-mapping> <servlet-name>REST</servlet-name> <url-pattern>/rest/*</url-pattern> </servlet-mapping> What part of the security-management am I missing? Thanks a lot for any help. Best regards, Günter Dunz-Wolff