Hi Gaurav,
The idea to protect URL is cool, may you open a new issue?
About change the current user:
db.switchUser("writer", "mypassword");
Lvc@
On 22 July 2014 05:25, Gaurav Dhiman <[email protected]> wrote:
> One more him to ask.
>
> You mentioned about creating www user and switching users in OrientDB
> function. How to do that ? How can we switch the user, what call to make ?
> Kindly share example code.
>
> Regards,
> Gaurav
> On Jul 22, 2014 8:53 AM, "Gaurav Dhiman" <[email protected]> wrote:
>
>> Hi Luca,
>>
>> Thanks for sharing workarounds but isn't there a better way to block port
>> and IPs at OrientDB level using its configuration ? I think this an be
>> added as functionality as many people would like to block the default REST
>> layer, only allowing access through function defined REST layer. It will be
>> good even if the functions an be marked as public (accessible over REST),
>> private (not accessible over REST, can only be called by other functions),
>> this is something which Wakanda provides.
>>
>> Regards,
>> Gaurav
>> On Jul 22, 2014 3:26 AM, "Luca Garulli" <[email protected]> wrote:
>>
>>> Hi Gaurav,
>>> Simon is right. you could also put Apache in form of OrientDB and use
>>> Apache rules to protect it.
>>>
>>> Another solution we adopted is to create a www user with no privilege,
>>> but executing functions. In your functions you can change user to writer or
>>> any other user with privilege to work against the database.
>>>
>>>
>>> Lvc@
>>>
>>>
>>>
>>> On 21 July 2014 21:17, <[email protected]> wrote:
>>>
>>>> You should be able to block external access to the port via your
>>>> external firewall.
>>>>
>>>> Some options are:
>>>>
>>>> 1. If the server side functions are happening on the same server as
>>>> OrientDB, make sure that local server side connections happen via the
>>>> loopback address 127.0.0.1.
>>>>
>>>> 2. Another option: set up another LAN IP (ex: 192.168.0.22) for
>>>> internal access to the database via the REST API. Then set your firewall to
>>>> block access from the other external IP address.
>>>>
>>>> 3. If you're restricted to 1 IP (ex: some cloud systems or VPS), you
>>>> have a few options.
>>>> One is, you can use a VPN for internal access.
>>>>
>>>> Another is, that you should still be able to create a whitelist of IPs
>>>> that can access the server on that port.
>>>> It depends on your OS and your firewall.
>>>>
>>>>
>>>>
>>>>
>>>> On Tuesday, March 18, 2014 2:18:43 PM UTC-4, Gaurav Dhiman wrote:
>>>>>
>>>>> Stefan,
>>>>>
>>>>> Thanks for response.
>>>>> I want to restrict default REST access but want to allow access
>>>>> through OrientDB server side functions, so blocking port will even block
>>>>> access to functions defined in OrientDB.
>>>>>
>>>>> Example:
>>>>> I want to block calls like
>>>>> http://<host>:<port>/document/<db>/5:3
>>>>> http://<host>:<port>/cluster/<db>/demoClass
>>>>>
>>>>> Want to still have REST access to functions defined in OrientDB; call
>>>>> like:
>>>>> http://<host>:<port>/function/<db>/myFunction/arg1/arg2
>>>>>
>>>>>
>>>>> Regards,
>>>>> Gaurav
>>>>>
>>>>>
>>>>>
>>>>> On Tuesday, March 18, 2014 11:17:02 PM UTC+5:30,
>>>>> [email protected] wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> You can block the port that OrientDB runs on.
>>>>>> You can either do this locally on the machine or limit access to the
>>>>>> machine if it's running on a sub-net.
>>>>>>
>>>>>> Regards,
>>>>>> -Stefán
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Tuesday, 18 March 2014 12:52:51 UTC, Gaurav Dhiman wrote:
>>>>>>>
>>>>>>> Thanks Dexter for info.
>>>>>>>
>>>>>>> Building our REST layer is always an option but that does not block
>>>>>>> the direct DB access. If a user directly connects to DB on bare
>>>>>>> HTTP/REST,
>>>>>>> he will be able to access thins on it in his/her browser, I want to
>>>>>>> block
>>>>>>> that and only allow access through functions defined at OrientDB end.
>>>>>>>
>>>>>>> Thanks again for sharing your idea.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Gaurav
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Sunday, March 16, 2014 12:19:33 AM UTC+5:30, Dexter Pratt wrote:
>>>>>>>>
>>>>>>>> In our case, we built our own REST server application to implement
>>>>>>>> our API - which is responsible for authentication, authorization, and
>>>>>>>> limits on queries - and it accesses OrientDB.
>>>>>>>>
>>>>>>>> It would be cool to do the whole thing in Orient, but our cases
>>>>>>>> are sufficiently complex that I think we need the separate REST server
>>>>>>>> layer.
>>>>>>>>
>>>>>>>> I'll be interested to see how far you can push this.
>>>>>>>>
>>>>>>>> - Dexter
>>>>>>>>
>>>>>>>> Dexter Pratt
>>>>>>>> Director, NDEx project
>>>>>>>> Ideker Lab UCSD / Cytoscape Consortium
>>>>>>>> [email protected] - [email protected]
>>>>>>>> www.ndexbio.org
>>>>>>>>
>>>>>>>> On Saturday, March 15, 2014 at 11:39 AM, Gaurav Dhiman wrote:
>>>>>>>>
>>>>>>>> Any suggestions on this?
>>>>>>>> How to block default HTTP/REST access to DB and only allow access
>>>>>>>> on HTTP/REST through server side functions ?
>>>>>>>>
>>>>>>>> Any suggestions will help a lot.
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Gaurav
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thursday, March 13, 2014 8:55:14 PM UTC+5:30, Gaurav Dhiman
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I do not want the default HTTP/REST access open for anyone to look
>>>>>>>> into DB (even logged-in user).
>>>>>>>> I want to give access on HTTP/REST through server defined functions
>>>>>>>> only, all other REST access should not be allowed.
>>>>>>>>
>>>>>>>> How to achieve it ?
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>> Gaurav
>>>>>>>>
>>>>>>>> --
>>>>>>>>
>>>>>>>> ---
>>>>>>>> You received this message because you are subscribed to the Google
>>>>>>>> Groups "OrientDB" group.
>>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>>> send an email to [email protected].
>>>>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "OrientDB" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>>> --
>>>
>>> ---
>>> You received this message because you are subscribed to a topic in the
>>> Google Groups "OrientDB" group.
>>> To unsubscribe from this topic, visit
>>> https://groups.google.com/d/topic/orient-database/7IJf5d_LcoI/unsubscribe
>>> .
>>> To unsubscribe from this group and all its topics, send an email to
>>> [email protected].
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>> --
>
> ---
> You received this message because you are subscribed to the Google Groups
> "OrientDB" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
>
--
---
You received this message because you are subscribed to the Google Groups
"OrientDB" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
