Re: [basex-talk] Eclipse editor support and authentication

[Christian Grün]

> Re. The security: If you were providing a web site with sensitive information 
> stored in BaseX, not CC type stuff wherein a token could be used, would you 
> trust the security inherit in BaseX?  Sorry to ask, this just isn't my area 
> of expertise.

What kind of confidential/sensitive information do you want to store
in BaseX? Do you want to encode anything that’s stored in a database
or only user credentials? You could have a look at our Cryptographic
Module [1]. It allows you to partially or fully encode any data before
storing it in a database.

[1] https://docs.basex.org/wiki/Cryptographic_Module

Re: [basex-talk] Eclipse editor support and authentication

[Ben Pracht]

Re. Editor support
I hope you all understand my biggest issue is mostly with not wanting to
learn a whole new set of keys only to switch back when I'm doing my day
job. I do use the BaseX gui if I'm trying something new.

I used to use a plug-in with Marklogic that allowed Eclipse XQuery
development. Unfortunately the instructions linked to on the web site do
not result in a BaseX data source, only ExistDB. I'm not sure if at some
point the support was dropped.

Re. The security: If you were providing a web site with
sensitive information stored in BaseX, not CC type stuff wherein a token
could be used, would you trust the security inherit in BaseX?  Sorry to
ask, this just isn't my area of expertise.

This has to be one of my most favorite open source products.

Thanks and Regards,
Ben



On Fri, May 29, 2020, 07:26 Christian Grün 
wrote:

> Hi Ben,
>
> Over the time, I have encountered all kinds of development
> environments for BaseX projects, including Emacs, Vim, Sublime,
> oXygen, etc. One project was completely developed with Windows
> Notepad; I was surprised to learn that it encompassed thousands of
> lines of code ;)
>
> The BaseX GUI is definitely used by many developers, also for more
> complex web applications. Its main advantage is that project files are
> always compiled in the background. The number of available features
> and shortcuts is growing with each version, they are listed in our
> documentation [1]. A special gimmick is the »Sort Lines« feature, it’s
> very efficient even for texts with millions of lines. In an upcoming
> version, we’ll add Search & Replace for multiple files (including
> regex operations), this will facilitate refactorings.
>
> But I completely agree that the editing facilities cannot cope with
> full-fledged feature sets of Java IDEs. In earlier days, the XQuery
> Eclipse plugins were somewhat ok; today, Reece H. Dunn’s support for
> IntelliJ is definitely the better choice [2].
>
> Regarding safe authentication, you have probably already followed
> Steve’s links. Salted SHA256 hashes are currently used for passwords.
>
> Hope this helps,
> Christian
>
> [1] https://docs.basex.org/wiki/Shortcuts
> [2] https://docs.basex.org/wiki/Integrating_IntelliJ_IDEA
>
>
>
> On Mon, May 25, 2020 at 3:37 AM Ben Pracht  wrote:
> >
> > Hi Folks,
> >
> > Perhaps I'm using too new of an Eclipse (Photon), but I'm not able to
> integrate Eclipse with BaseX.  I installed the trial Oxygen plugin, though
> I don't want to pay for it.  Even then, it would not offer a BaseX
> datasource, only one for ExistDB.  I tried to install XQDT, but it could
> not be installed without downgrading many components, which I did not want
> to do.
> >
> > As an Eclipse person, using IntelliJ would not be very productive as
> I've gotten used to the Eclipse keyboard shortcuts.
> >
> > I'd like to create a server program based in BaseX with RESTful xquery
> based services.  Initially, it would be a CRUD type application.  It
> doesn't need high performance, just not terrible, and I'd like to be able
> to authenticate into it.  I'm confident BaseX can handle the task, it's
> just getting an editor capable of handling it.  Using the GUI that comes
> with BaseX is good for small tasks, but not so good for larger applications.
> >
> > It doesn't appear that there's much in the way of XQuery support in
> Eclipse anymore, and even the XQDT if it could be installed doesn't support
> the newer 3.1 type xquery (I believe I read).  Can someone recommend a good
> editor?  I'm using GVim for many small projects, though it takes work to
> get it to work with larger projects efficiently (CTags helps for C/C++
> code, but I dont' think it works with XQuery).
> >
> > Separately, would it be possible to develop a secure BaseX based
> application that users could log in, and authenticate into,  store delicate
> personal information and have it be sufficiently secure?  Could it be at
> least as secure as, say a Tomcat application?  Sorry to ask this question,
> I do app development, but usually my role comes in after the user has been
> authenticated using something like OAuth or other.
> >
> >
> > Best Regards,
> > Ben Prachtcom
>

Re: [basex-talk] Eclipse editor support and authentication

[Christian Grün]

Hi Ben,

Over the time, I have encountered all kinds of development
environments for BaseX projects, including Emacs, Vim, Sublime,
oXygen, etc. One project was completely developed with Windows
Notepad; I was surprised to learn that it encompassed thousands of
lines of code ;)

The BaseX GUI is definitely used by many developers, also for more
complex web applications. Its main advantage is that project files are
always compiled in the background. The number of available features
and shortcuts is growing with each version, they are listed in our
documentation [1]. A special gimmick is the »Sort Lines« feature, it’s
very efficient even for texts with millions of lines. In an upcoming
version, we’ll add Search & Replace for multiple files (including
regex operations), this will facilitate refactorings.

But I completely agree that the editing facilities cannot cope with
full-fledged feature sets of Java IDEs. In earlier days, the XQuery
Eclipse plugins were somewhat ok; today, Reece H. Dunn’s support for
IntelliJ is definitely the better choice [2].

Regarding safe authentication, you have probably already followed
Steve’s links. Salted SHA256 hashes are currently used for passwords.

Hope this helps,
Christian

[1] https://docs.basex.org/wiki/Shortcuts
[2] https://docs.basex.org/wiki/Integrating_IntelliJ_IDEA



On Mon, May 25, 2020 at 3:37 AM Ben Pracht  wrote:
>
> Hi Folks,
>
> Perhaps I'm using too new of an Eclipse (Photon), but I'm not able to 
> integrate Eclipse with BaseX.  I installed the trial Oxygen plugin, though I 
> don't want to pay for it.  Even then, it would not offer a BaseX datasource, 
> only one for ExistDB.  I tried to install XQDT, but it could not be installed 
> without downgrading many components, which I did not want to do.
>
> As an Eclipse person, using IntelliJ would not be very productive as I've 
> gotten used to the Eclipse keyboard shortcuts.
>
> I'd like to create a server program based in BaseX with RESTful xquery based 
> services.  Initially, it would be a CRUD type application.  It doesn't need 
> high performance, just not terrible, and I'd like to be able to authenticate 
> into it.  I'm confident BaseX can handle the task, it's just getting an 
> editor capable of handling it.  Using the GUI that comes with BaseX is good 
> for small tasks, but not so good for larger applications.
>
> It doesn't appear that there's much in the way of XQuery support in Eclipse 
> anymore, and even the XQDT if it could be installed doesn't support the newer 
> 3.1 type xquery (I believe I read).  Can someone recommend a good editor?  
> I'm using GVim for many small projects, though it takes work to get it to 
> work with larger projects efficiently (CTags helps for C/C++ code, but I 
> dont' think it works with XQuery).
>
> Separately, would it be possible to develop a secure BaseX based application 
> that users could log in, and authenticate into,  store delicate personal 
> information and have it be sufficiently secure?  Could it be at least as 
> secure as, say a Tomcat application?  Sorry to ask this question, I do app 
> development, but usually my role comes in after the user has been 
> authenticated using something like OAuth or other.
>
>
> Best Regards,
> Ben Prachtcom

Re: [basex-talk] Eclipse editor support and authentication

[Majewski, Steven Dennis (sdm7g)]

I haven’t tried Eclipse integration, but I’m using basex from Oxygen configured 
as in:

https://docs.basex.org/wiki/Integrating_oXygen 
 

You can then use BaseX in a transformation scenario. 
But the XQuery debugger is still restricted to Saxon only. 


Re: security and authentication: 

Have you looked at the sample DBA app or RESTXQ permissions:

https://docs.basex.org/wiki/DBA 

https://docs.basex.org/wiki/Permissions 



If you want to add some external authentication, you can run the basex war file 
under tomcat.
( And/or proxy thru Apache/nginx. ) 

— Steve M. 



> On May 24, 2020, at 9:37 PM, Ben Pracht  wrote:
> 
> Hi Folks,
> 
> Perhaps I'm using too new of an Eclipse (Photon), but I'm not able to 
> integrate Eclipse with BaseX.  I installed the trial Oxygen plugin, though I 
> don't want to pay for it.  Even then, it would not offer a BaseX datasource, 
> only one for ExistDB.  I tried to install XQDT, but it could not be installed 
> without downgrading many components, which I did not want to do.  
> 
> As an Eclipse person, using IntelliJ would not be very productive as I've 
> gotten used to the Eclipse keyboard shortcuts.
> 
> I'd like to create a server program based in BaseX with RESTful xquery based 
> services.  Initially, it would be a CRUD type application.  It doesn't need 
> high performance, just not terrible, and I'd like to be able to authenticate 
> into it.  I'm confident BaseX can handle the task, it's just getting an 
> editor capable of handling it.  Using the GUI that comes with BaseX is good 
> for small tasks, but not so good for larger applications.
> 
> It doesn't appear that there's much in the way of XQuery support in Eclipse 
> anymore, and even the XQDT if it could be installed doesn't support the newer 
> 3.1 type xquery (I believe I read).  Can someone recommend a good editor?  
> I'm using GVim for many small projects, though it takes work to get it to 
> work with larger projects efficiently (CTags helps for C/C++ code, but I 
> dont' think it works with XQuery).  
> 
> Separately, would it be possible to develop a secure BaseX based application 
> that users could log in, and authenticate into,  store delicate personal 
> information and have it be sufficiently secure?  Could it be at least as 
> secure as, say a Tomcat application?  Sorry to ask this question, I do app 
> development, but usually my role comes in after the user has been 
> authenticated using something like OAuth or other.
> 
> 
> Best Regards,
> Ben Prachtcom 



smime.p7s
Description: S/MIME cryptographic signature