Be very careful in putting the REST API on a port with public access. If you do, anyone with database credentials will be able to have direct access to the database. The REST API isn't intended for public exposure. Same as an XDBC port, it's for internal access.
-jh- On May 8, 2015, at 1:40 AM, David Ennis <[email protected]> wrote: > HI. > > This type of scenario seems very possible with the Enhanced HTTP erver > configuration options available in Version 8. One of the most obvious > out-of-the-box benefits of the new server rewrite engine is the fact that you > need not have a separate port for your web app and REST API, for example. > Consider also that you have control over quite a bit - including switching > module databases and content databases as part of the rewrite rules - which > may be of benefit to you for what you describe. > > http://developer.marklogic.com/features/enhanced-http > > > > > > > > Kind Regards, > David Ennis > > > David Ennis > Content Engineer > > > Mastering the value of content > creative | technology | content > > Delftechpark 37i > 2628 XJ Delft > The Netherlands > T: +31 88 268 25 00 > M: +31 63 091 72 80 > > > > On 7 May 2015 at 17:28, cyanline llc <[email protected]> wrote: > Hello, > Looking for a bit of philosophical help here. We're deploying > rest-apps with Roxy to one site. We have built a second site where users > register, login, and perform a number of actions. Then, when the user is > ready to use the marklogic rest-app, we pass them from the second site > to the marklogic site. > We would like that the user need not authenticate themselves again > *and* that a user only has access to their rest-app, but not the others. > With this current setup, we can see that we either need to pass the > session data from one server to another, or have a third-party server > track and share session data with the other 2 servers (ie ldap). > Is ldap the way to go or are we way off with this current setup/there > is a better way to do this? > > Thank you > > _______________________________________________ > General mailing list > [email protected] > Manage your subscription at: > http://developer.marklogic.com/mailman/listinfo/general > > _______________________________________________ > General mailing list > [email protected] > Manage your subscription at: > http://developer.marklogic.com/mailman/listinfo/general
_______________________________________________ General mailing list [email protected] Manage your subscription at: http://developer.marklogic.com/mailman/listinfo/general
