Exactly. In our own RESTXQ applications, we haven't experienced any
case in which the restriction was useful so far. But I guess, this is
different in (some of) your applications?

We could think about reverting this change, and specifying admin/admin
as default in web.xml for the RESTXQ service instead. Do you think
that would make sense?

Christian

On Mon, Jan 12, 2015 at 6:44 PM, Andy Bunce <bunce.andy@gmail.com> wrote:
> So does this mean all restxq code always runs as admin and can do anything?
>
> On 12 Jan 2015 17:37, "Christian Grün" <christian.gruen@gmail.com> wrote:
>>
>> Hi Andy,
>>
>> With BaseX 8.0, no authentication is required anymore when using
>> RESTXQ, because all code to be executed is defined server-side. This
>> continues to be different with REST and WebDAV.
>>
>> Hope this helps?
>> Christian
>>
>>
>> On Mon, Jan 12, 2015 at 6:09 PM, Andy Bunce <bunce.andy@gmail.com> wrote:
>> > Hi,
>> > Just investigating user handling, I am using the latest snapsnap.
>> >
>> > I start basexhttp with  -U guest -P guest
>> > and/or I set org.basex.user and org.basex.password in web.xml
>> >
>> > Sometimes I have created a user ( guest with password guest) and
>> > permission
>> > none via dba. Sometimes I have deleted the guest user.
>> >
>> > In all cases I appear to be able to run restxq queries and in those
>> > queries
>> > read from databases.
>> >
>> > Am I misunderstanding something here?
>> >
>> > /Andy
>> >
>> >
>> >
>> >
>> >
>> >
>> >