Database credentials not enforced over REST?
Hi, If I contact a BaseX instance over REST, I can drop databases/collections without passing credentials in basic auth header, using command= query param (is there any other mechanism for auth over REST supported by BaseX?). Tried this on a collection newly created using REST...do we have to 'add' credentials to DB/collection after creating it? If yes, how? Regards, Mahender
If I contact a BaseX instance over REST, I can drop databases/collections without passing credentials in basic auth header, using command= query param (is there any other mechanism for auth over REST supported by BaseX?).
By default, JaxRx is started with admin rights; to restrict permissions, you specify another user. Just specify "-h" to get all JaxRx arguments, or try.. new JaxRxServer("-h") Hope this helps, Christian
participants (2)
-
Christian Grün -
Mahender Didwania