Probably what you need to do is create an amp for the function that xqmvc uses that calls xdmp-eval. That function should be amped to a role that has that privilege (you will probably have to create such a role).
I have not played much with xqmvc, so I do not know the specifics. But adding that amp will get you past this first problem. There might be other things xqmvc does that require amps. -Danny -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Tim Finney Sent: Tuesday, July 19, 2011 4:51 PM To: [email protected] Subject: Re: [MarkLogic Dev General] How to for common security use cases Thanks to Danny Sokolsky and Jason Hunter for their helpful suggestions. When I try to run the example xqmvc app as nobody I get a SEC-PRIV error: Need privilege: http://marklogic.com/xdmp/privileges/xdmp-eval Does this mean I have to give my "public" user the ability to do xdmp:eval? I would prefer not to do this as I am paranoid about injection attacks. To be more specific, has anyone come up with a rendition of xqmvc that allows public access to database docs but does not require nobodies to be given the ability to do xdmp:eval (or invoke)? Tim Finney _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general _______________________________________________ General mailing list [email protected] http://developer.marklogic.com/mailman/listinfo/general
