Thanks - it worked out nicely! Just commented out the <servlet>-section on REST.
Cheers, Lars
2015-01-14 15:57 GMT+01:00 Dirk Kirsten dk@basex.org:
Hello Lars,
You can disable the REST interface if you do not intend to use it (and you solely use RESTXQ). This can be done using your web server. In our default jetty-based HTTP server you can find the servlet mapping in WEB-INF/web.xml, where you can simply disable the servlet mapping for REST.
Of course you could also secure this path using your web service (e.g. requesting an HTTP authentication when accessing REST).
Cheers, Dirk
On 01/14/2015 03:49 PM, Lars Johnsen wrote:
Hi all
I was wondering how to block general access to BaseX when using RESTXQ. Our javascript/jquery web-application communicates with BaseX using commands like:
$('#myobject').load('objects')
where the term 'objects' is defined as a path in a .xqm-file.
declare %rest:path("/objects")
However, databases are exposed using the URL "/rest" which seems built into the rest-module. For example, in the javascript/jquery console (f.ex. in Chrome), a div could be filled up with content outside of the application by typing things like:
$('div').load('rest/my_database')
and general queries could be made using the rest-interface http://docs.basex.org/wiki/REST.
Is there a way to prevent this, while at the same time using BaseX as web-server (one way is to use BaseX only as a backend database)? Or how to limit the URLs permitted?
Best Lars
--
Dirk Kirsten, BaseX GmbH, http://basexgmbh.de
|-- Registered office: Blarerstrasse 56, 78462 Konstanz
|-- Register court Freiburg, HRB: 708285, Managing directors:
|   Dr. Christian Grün, Dr. Alexander Holupirek, Michael Seiferle
`-- Phone: 0049 7531 28 28 676, Fax: 0049 7531 20 05 22
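
An added example, not part of the thread and not BaseX project code: a Python check that reads a web.xml and reports which servlet would answer a request path, to confirm that commenting out the REST section really removed the "/rest" mapping. The two web.xml samples, the servlet names and the "/*" catch-all mapping are constructed assumptions, and the matching follows the servlet rules of exact match first, then longest path prefix.

```python
import xml.etree.ElementTree as ET

# Constructed samples (assumed names and patterns, not the shipped web.xml).
WEB_XML_BEFORE = """<web-app>
  <servlet><servlet-name>RESTXQ</servlet-name></servlet>
  <servlet-mapping><servlet-name>RESTXQ</servlet-name><url-pattern>/*</url-pattern></servlet-mapping>
  <servlet><servlet-name>REST</servlet-name></servlet>
  <servlet-mapping><servlet-name>REST</servlet-name><url-pattern>/rest/*</url-pattern></servlet-mapping>
</web-app>"""

WEB_XML_AFTER = """<web-app>
  <servlet><servlet-name>RESTXQ</servlet-name></servlet>
  <servlet-mapping><servlet-name>RESTXQ</servlet-name><url-pattern>/*</url-pattern></servlet-mapping>
  <!-- REST interface disabled
  <servlet><servlet-name>REST</servlet-name></servlet>
  <servlet-mapping><servlet-name>REST</servlet-name><url-pattern>/rest/*</url-pattern></servlet-mapping>
  -->
</web-app>"""

def _local(tag):
    # Drop an XML namespace prefix such as "{http://...}servlet".
    return tag.rsplit("}", 1)[-1]

def mappings(web_xml):
    """Return (url-pattern, servlet-name) pairs that are active, i.e. not
    commented out (the parser drops comments) and bound to a declared servlet."""
    declared, mapped = set(), []
    for el in ET.fromstring(web_xml):
        name = next((c.text.strip() for c in el if _local(c.tag) == "servlet-name"), None)
        if _local(el.tag) == "servlet":
            declared.add(name)
        elif _local(el.tag) == "servlet-mapping":
            mapped += [(c.text.strip(), name) for c in el if _local(c.tag) == "url-pattern"]
    return [(p, n) for p, n in mapped if n in declared]

def resolve(web_xml, path):
    """Name of the servlet that would receive `path`, or None."""
    best = None
    for pattern, name in mappings(web_xml):
        if pattern == path:
            rank = (2, len(pattern))          # exact match wins
        elif pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1])):
            rank = (1, len(pattern))          # longest prefix wins among prefixes
        else:
            continue
        if best is None or rank > best[0]:
            best = (rank, name)
    return best[1] if best else None
```

With the REST section commented out, "/rest/my_database" is no longer handed to the REST servlet; in this sample it falls through to the catch-all servlet instead.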