This section in the "understanding and Using Security Guide" gives the basic pattern for a login page:
http://docs.marklogic.com/4.2doc/docapp.xqy#display.xqy?fname=http://pubs/4.2doc/xml/security/recipes.xml%2322120 It involves having a user (ie, nobody) be able to access this page (and possible others), but letting them log in as a different user if they need to do something more privileged. -Danny -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Tim Finney Sent: Tuesday, July 19, 2011 2:11 PM To: [email protected] Subject: [MarkLogic Dev General] How to for common security use cases Hi All, Further to the other messages of today relating to user credentials, I want to use xqmvc as a pattern for an app which will allow lots of nobodies to search and see documents in a database. The nobodies should not have to log in to do this. These nobodies may even need to trigger database updates (e.g. so that their search strings and error reports can be recorded). Also, I wouldn't mind knowing the recommended set up for an app based on xqmvc that, say, asks a series of questions to log in a user. (Having to give the nobody user the admin role so that the log in dialog can be served doesn't seem like a good idea.) Is there a how-to that says what is the best way to do this with ML? (I'd love to see a "Suggested security patterns for common use cases" recipe doc.) I have seen this thread mentioned earlier today: http://marklogic.markmail.org/thread/qksxukhdbdri6ozx I also saw Justin Makeig's reply to Manoj, which gives me a clue about how to do the "many nobodies" case above. Best, Tim Finney _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
