Hi,
We are providing an cloud based application development environment with
using the basex database. We want to allow developers can write xquery
commands to access database but some security issues has appeared.
For example " file:list('c:/') " query returns the list of C:\ directory.
Is it possible to exclude some of modules from basex engine or is there any
other way to execute query in sandbox environment which allows only FLWOR
expressions and basic modules like "Math".
Scanning "file:" like prefixes may be a solution but maybe there is a
better way to do it.
Thank you for help.
--
Ertan TİKE
<http://www.6kare.com>
_______________________________________________
BaseX-Talk mailing list
[email protected]
https://mailman.uni-konstanz.de/mailman/listinfo/basex-talk
