Hello Lars,
You can disable the REST interface if you do not intend to use it (and you solely use RESTXQ). This can be done using your web server. In our default jetty-based HTTP server you can find the servlet mapping in WEB-INF/web.xml, where you can simply disable the servlet mapping for REST.
Of course you could also secure this path using your web service (e.g. requesting an HTTP authentication when accessing REST).
Cheers, Dirk

On 01/14/2015 03:49 PM, Lars Johnsen wrote:
Hi all
I was wondering how to block general access to BaseX when using RESTXQ. Our javascript/jquery web-application communicates with BaseX using commands like:
$('#myobject').load('objects')
where the term 'objects' is defined as a path in a .xqm-file.
declare %rest:path("/objects")
However, databases are exposed using the URL "/rest", which seems built into the rest-module. For example, in the javascript/jquery console (e.g. in Chrome), a div could be filled up with content outside of the application by typing things like:
$('div').load('rest/my_database')
and general queries could be made using the rest-interface http://docs.basex.org/wiki/REST.
Is there a way to prevent this, while at the same time using BaseX as web-server (one way is to use BaseX only as a backend database)? Or how to limit the URLs permitted?
Best Lars
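
The two options from Dirk's reply, sketched as a WEB-INF/web.xml fragment. This is an added example, not part of the original thread and not the project's own file. The servlet name `REST` and the pattern `/rest/*` are assumed to match the stock BaseX web.xml, so compare them with your copy; the role and realm names are hypothetical.

```xml
<!-- Fragment of WEB-INF/web.xml (added example; names are assumptions). -->

<!-- Option 1: disable REST. With the mapping commented out, no request
     is routed to the REST servlet; the RESTXQ mapping stays as it is. -->
<!--
<servlet-mapping>
  <servlet-name>REST</servlet-name>
  <url-pattern>/rest/*</url-pattern>
</servlet-mapping>
-->

<!-- Option 2: keep REST, but have the container require HTTP
     authentication before any request reaches the servlet.
     No http-method element is listed on purpose: the constraint then
     covers every method (GET, PUT, POST, DELETE), not a subset. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>BaseX REST</web-resource-name>
    <url-pattern>/rest/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- hypothetical role; grant it only to accounts that need REST -->
    <role-name>rest-admin</role-name>
  </auth-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <!-- hypothetical realm; needs a matching Jetty login service -->
  <realm-name>basex-rest</realm-name>
</login-config>

<security-role>
  <role-name>rest-admin</role-name>
</security-role>
```

After restarting the server, a request to `rest/my_database` should no longer return database content without credentials, while the RESTXQ path `/objects` keeps answering. BASIC authentication sends credentials with every request, so serve the application over HTTPS if option 2 is used.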