> Subject: more access control thoughts (long)
>

Hi Jim,

We've been using Xindice for about a year in a number of different applications and the question about security has come up many times.

In our use of Xindice it is largely accessed by a single app and occasionally by the command line tools to do low-level admin (app always shut down), and our thinking of how to approach security comes from that. We are really interested in embedding Xindice inside our app more than any kind of server-type access to the datastore - one of the apps is a GUI-based one, i.e. preferably no server at all. We see the Xindice store as just a file that our app will use that happens to have a very sexy way of dealing with its contents. For this we are happy to just use the base OS security to let us in or not to the data.

The major problem with this is concurrent access to the store, so that multiple processes that have permissions to the store don't mess each other up. Being able to lock a portion of a collection or a whole collection would be ideal for us - similar to lockf but based on resource id in the collection rather than purely data length.

For times when Xindice is being used as a server, your suggestion of basing all servlets off a base XindiceServlet makes most sense to me. The problem with other code getting at the data under the covers again brings up the benefits of being able to lock portions of the store - if we could do that there would be no need to worry.

I have to say that I'm largely ignorant as to the internals of Xindice and so my comments about locking may be entirely misplaced and a major reworking of the guts of Xindice may be required to support this. I understand Java's lack of any support for locking until 1.4 may make this more difficult.

It would be interesting to see how other people are using Xindice and how that impacts the possible security options. Is it being used in most places as a server with various clients talking to it? Or are there other folks that are looking to use an XML store similarly to us - inside apps and not having any remote/server access to the store?

peter w.
