I would be interested in hearing what techniques people use for this too.
On a recent project, I stored passwords and other configuration in a json file and used json-doc with map functions to access configuration from the file or a set of pre-set values.
---- config.json
{ "username": "name", "password": "pass" }
---
then in XQuery:
declare variable $configFile external := file:base-dir() || 'config.json'; declare variable $config := df:config-load($configFile);
declare %private variable $_:config-defaults := map {
'username': 'test',
'password': 'test'
}
declare function _:config($key as xs:string, $cfg as map(*)) { if (map:contains($cfg, $key)) then map:get($cfg, $key) else map:get($_:config-defaults, $key) };
declare function _:config-load($uri) as map(*) { if ($uri) then json-doc($uri) else map{} };
let $user := _:config('username', $config)
return $user
I hope this helps.
Vincent
________________________________ From: basex-talk-bounces@mailman.uni-konstanz.de basex-talk-bounces@mailman.uni-konstanz.de on behalf of C. M. Sperberg-McQueen cmsmcq@blackmesatech.com Sent: Saturday, June 25, 2016 7:02:52 PM To: BaseX Cc: C. M. Sperberg-McQueen Subject: [basex-talk] storing passwords ...
Can any readers of this list recommend some reasonably prudent technique for handling passwords that an XQuery module will need to retrieve things via http?
I suppose there are two questions: (1) where do people store such userid/password pairs? and (2) what's the best way to use them?
For storing, it has occurred to me that I can:
- hard-code them in the XQuery source - store them in an admin-info document in the XQuery database and look them up when needed - don't store them at all but require the request to pass them in as parameters (which offloads the burden of storing these things onto the client)
The simplest way to use them is of course to inject them into the URL, but I recall being warned that this means they can show up in logs, so it's not a recommended practice.
Probably it is better to use http:send-request() with username and password specified as attributes on the http:request method; anyone who can confirm or deny this, please do.
I will be grateful for any and all guidance.
-- **************************************************************** * C. M. Sperberg-McQueen, Black Mesa Technologies LLC * http://www.blackmesatech.comhttp://www.blackmesatech.com * http://cmsmcq.com/mibhttp://cmsmcq.com/mib * http://balisage.nethttp://balisage.net ****************************************************************