Thanks - it worked out nicely! Just commented out the <servlet>-section on
REST.
Cheers,
Lars
2015-01-14 15:57 GMT+01:00 Dirk Kirsten <d...@basex.org>:
> Hello Lars,
>
> You can disable the REST interface if you do not intend to use it (and you
> solely use RESTXQ). This can be done using your web server. In our default
> jetty-based HTTP server you can find the servlet mapping in
> WEB-INF/web.xml, where you can simply disable the servlet mapping for REST.
>
> Of course you could also secure this path using your web service (.e.g
> requesting a HTTP authentication when accessing REST).
>
> Cheers,
> Dirk
> On 01/14/2015 03:49 PM, Lars Johnsen wrote:
> > Hi all
> >
> > I was wondering how to block general access to BaseX when using RESTXQ.
> Our
> > javascript/jquery web-application communicates with BaseX using commands
> > like:
> >
> > $('#myobject').load('objects')
> >
> > where the term 'objects' is defined as a path in a .xqm-file.
> >
> > declare %rest:path("/objects")
> >
> > However, databases are exposed using the URL "/rest" which seems built
> into
> > the rest-module. For example, in the javascript/jquery console (f.ex. in
> > Chrome ), a div could be filled up with content outside of the
> application
> > by typing things like:
> >
> > $('div').load('rest/my_database')
> >
> > and general queries could be made using the rest-interface
> > http://docs.basex.org/wiki/REST.
> >
> > Is there a way to prevent this, while at the same time using BaseX as
> > web-server (one way is to use BaseX only as a backend database)? Or how
> to
> > limit the URLs permitted?
> >
> >
> > Best
> > Lars
> >
>
> --
> Dirk Kirsten, BaseX GmbH, http://basexgmbh.de
> |-- Firmensitz: Blarerstrasse 56, 78462 Konstanz
> |-- Registergericht Freiburg, HRB: 708285, Geschäftsführer:
> | Dr. Christian Grün, Dr. Alexander Holupirek, Michael Seiferle
> `-- Phone: 0049 7531 28 28 676, Fax: 0049 7531 20 05 22
>
>
