Dear Radim,
Welcome to the list.
- BaseX GUI is automatically opened with administration permissions without
any login request. Can it be fixed?
As the GUI has been designed for local standalone usage, no user can be specified. If you plan to use BaseX in a distributed environment, the DBA web interface may be the better choice.
- Once a user is created in a database, he or she has the same rights in all
databases. Can it be fixed so the user has particular permission per database?
That’s possible. By default, new users have no permissions, and you can assign user names and patterns to databases [1].
- Or better, would it be possible to set user permission per collection
(like in Sedna or MongoDB)?
In BaseX, user permissions are always defined for databases.
- I can see the users are stored in the users.xml file, including their
permission and hashed password. It is a security issue for us because the digest hash can be decrypted in a few seconds. Is it possible to obscure that sensitive information, or to not store it in the file?
How would you proceed to decode it that quickly? – The digest hash is only required for HTTP digest authentication; feel free to remove it from the users.xml file.
- All queries are stored in logs. Queries for user creation or password
change are stored in plain text there. Is there a way to obscure that sensitive information?
Passwords won’t be stored in the logs, so you’ll be safe.
- It is only possible to create BaseX users. Is Active Directory account
support on the roadmap, especially support for AD groups? It would be much appreciated.
Not yet. Sorry, I cannot give you any timeline, because it currently has no high priority for us.
- BaseX supports the HTTP protocol. Is it possible to make it work with the HTTPS
protocol as well?
Absolutely.
Hope this helps, Christian
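
Added example, not part of the original message and not BaseX project code: one way to carry out the suggestion above of removing the digest hash from users.xml, which fits only where HTTP digest authentication is not used. The element and attribute names (user, password, algorithm, salt, hash, database) are an assumed users.xml layout, and the sample content is constructed with dummy values.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element and attribute names are an assumed users.xml
# layout; all hash and salt values are dummies.
SAMPLE_USERS_XML = """<users>
  <user name="admin" permission="admin">
    <password algorithm="digest"><hash>00000000000000000000000000000000</hash></password>
    <password algorithm="salted-sha256"><salt>1234567890</salt><hash>aaaa</hash></password>
  </user>
  <user name="reader" permission="none">
    <password algorithm="digest"><hash>11111111111111111111111111111111</hash></password>
    <password algorithm="salted-sha256"><salt>0987654321</salt><hash>bbbb</hash></password>
    <database pattern="docs-*" permission="read"/>
  </user>
  <user name="legacy" permission="none">
    <password algorithm="digest"><hash>22222222222222222222222222222222</hash></password>
  </user>
</users>"""


def strip_digest_hashes(xml_text):
    """Remove digest password entries; return (new_xml, stripped, skipped)."""
    root = ET.fromstring(xml_text)
    stripped, skipped = [], []
    for user in root.iter("user"):
        passwords = user.findall("password")
        digests = [p for p in passwords if p.get("algorithm") == "digest"]
        if not digests:
            continue
        if len(digests) == len(passwords):
            # Only a digest entry exists: removing it would leave the account
            # without any stored credential, so report it instead.
            skipped.append(user.get("name"))
            continue
        for entry in digests:
            user.remove(entry)
        stripped.append(user.get("name"))
    return ET.tostring(root, encoding="unicode"), stripped, skipped


if __name__ == "__main__":
    new_xml, stripped, skipped = strip_digest_hashes(SAMPLE_USERS_XML)
    print("digest hash removed for:", stripped)
    print("left untouched (digest only):", skipped)
    print(new_xml)
```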