Can any readers of this list recommend some reasonably prudent technique for handling passwords that an XQuery module will need to retrieve things via http?
I suppose there are two questions: (1) where do people store such userid/password pairs? and (2) what's the best way to use them?
For storing, it has occurred to me that I can:
- hard-code them in the XQuery source - store them in an admin-info document in the XQuery database and look them up when needed - don't store them at all but require the request to pass them in as parameters (which offloads the burden of storing these things onto the client)
The simplest way to use them is of course to inject them into the URL, but I recall being warned that this means they can show up in logs, so it's not a recommended practice.
Probably it is better to use http:send-request() with username and password specified as attributes on the http:request method; anyone who can confirm or deny this, please do.
I will be grateful for any and all guidance.