I was wondering how to block general access to BaseX when using RESTXQ. Our javascript/jquery web-application communicates with BaseX using commands like:

     $('#myobject').load('objects')

where the term 'objects' is defined as a path in a .xqm-file.

     declare %rest:path("/objects")

However, databases are exposed using the URL "/rest" which seems built into the rest-module. For example, in the javascript/jquery console (f.ex. in Chrome ), a div could be filled up with content outside of the application by typing things like: