Thanks - it worked out nicely! Just commented out the <servlet>-section on REST.
Cheers, Lars 2015-01-14 15:57 GMT+01:00 Dirk Kirsten <d...@basex.org>: > Hello Lars, > > You can disable the REST interface if you do not intend to use it (and you > solely use RESTXQ). This can be done using your web server. In our default > jetty-based HTTP server you can find the servlet mapping in > WEB-INF/web.xml, where you can simply disable the servlet mapping for REST. > > Of course you could also secure this path using your web service (.e.g > requesting a HTTP authentication when accessing REST). > > Cheers, > Dirk > On 01/14/2015 03:49 PM, Lars Johnsen wrote: > > Hi all > > > > I was wondering how to block general access to BaseX when using RESTXQ. > Our > > javascript/jquery web-application communicates with BaseX using commands > > like: > > > > $('#myobject').load('objects') > > > > where the term 'objects' is defined as a path in a .xqm-file. > > > > declare %rest:path("/objects") > > > > However, databases are exposed using the URL "/rest" which seems built > into > > the rest-module. For example, in the javascript/jquery console (f.ex. in > > Chrome ), a div could be filled up with content outside of the > application > > by typing things like: > > > > $('div').load('rest/my_database') > > > > and general queries could be made using the rest-interface > > http://docs.basex.org/wiki/REST. > > > > Is there a way to prevent this, while at the same time using BaseX as > > web-server (one way is to use BaseX only as a backend database)? Or how > to > > limit the URLs permitted? > > > > > > Best > > Lars > > > > -- > Dirk Kirsten, BaseX GmbH, http://basexgmbh.de > |-- Firmensitz: Blarerstrasse 56, 78462 Konstanz > |-- Registergericht Freiburg, HRB: 708285, Geschäftsführer: > | Dr. Christian Grün, Dr. Alexander Holupirek, Michael Seiferle > `-- Phone: 0049 7531 28 28 676, Fax: 0049 7531 20 05 22 > >