Hi Günter,
As supplied, the OpenShift BaseX quick start has REST and WebDAV disabled [1], which avoids any potential security issues via these routes. I would expect your config to require [2]:
curl -i -X DELETE "http://admin:xxx@xxx-xxx.rhcloud.com/rest/factbook"
Can you get the same behaviour with a local BaseX installation?
/Andy
[1] https://github.com/Quodatum/openshift-basex-quick-start/blob/master/basex/we...
[2] http://docs.basex.org/wiki/Web_Application#User_Management
On 28 March 2016 at 16:14, Günter Dunz-Wolff kleist@mail.dunzwolff.de wrote:
Hi all,
I'm at the beginning of a BaseX basexhttp installation on OpenShift. I'm using the OpenShift quick start for BaseX from Andy Bunce. For my tests, I'm working with a simple factbook-db. Everything is working, but I can't figure out how to protect the database from being deleted via the REST interface:
With a simple curl -i -X DELETE "http://xxx-xxx.rhcloud.com/rest/factbook" the database is dropped.
In the database, there is only the user admin. In web.xml the REST-servlet is configured with
<servlet>
  <servlet-name>REST</servlet-name>
  <servlet-class>org.basex.http.rest.RESTServlet</servlet-class>
  <init-param>
    <param-name>org.basex.user</param-name>
    <param-value>admin</param-value>
  </init-param>
  <init-param>
    <param-name>org.basex.password</param-name>
    <param-value>xxx</param-value>
  </init-param>
</servlet>
<servlet-mapping>
  <servlet-name>REST</servlet-name>
  <url-pattern>/rest/*</url-pattern>
</servlet-mapping>
What part of the security-management am I missing? Thanks a lot for any help.
Best regards, Günter Dunz-Wolff
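
An added example, not part of the thread or of the BaseX project: a small audit that lists which URL patterns in a web.xml are served by a servlet carrying `org.basex.user` / `org.basex.password` init-params. It assumes such a stored login is applied to requests that send no credentials, consistent with the unauthenticated DELETE described in the question; the function names are hypothetical and the sample web.xml is constructed from the fragment quoted above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the servlet fragment from the question inside a <web-app> root.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <servlet>
    <servlet-name>REST</servlet-name>
    <servlet-class>org.basex.http.rest.RESTServlet</servlet-class>
    <init-param><param-name>org.basex.user</param-name><param-value>admin</param-value></init-param>
    <init-param><param-name>org.basex.password</param-name><param-value>xxx</param-value></init-param>
  </servlet>
  <servlet-mapping>
    <servlet-name>REST</servlet-name>
    <url-pattern>/rest/*</url-pattern>
  </servlet-mapping>
</web-app>"""

CREDENTIAL_PARAMS = {"org.basex.user", "org.basex.password"}

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on element names."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def text_of(elem, name):
    found = children(elem, name)
    return (found[0].text or "").strip() if found else ""

def servlets_with_stored_login(web_xml):
    """Return [(servlet name, stored user, [url patterns])]; the password is never returned."""
    root = ET.fromstring(web_xml)
    patterns = {}  # servlet name -> url patterns mapped to it
    for m in children(root, "servlet-mapping"):
        patterns.setdefault(text_of(m, "servlet-name"), []).extend(
            (p.text or "").strip() for p in children(m, "url-pattern"))
    findings = []
    for s in children(root, "servlet"):
        params = {text_of(p, "param-name"): text_of(p, "param-value")
                  for p in children(s, "init-param")}
        if CREDENTIAL_PARAMS.intersection(params):
            name = text_of(s, "servlet-name")
            findings.append((name, params.get("org.basex.user", ""), patterns.get(name, [])))
    return findings

if __name__ == "__main__":
    for name, user, urls in servlets_with_stored_login(SAMPLE_WEB_XML):
        print(f"{name}: stored login '{user}' covers {urls or ['(unmapped)']}")
```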