I don't know much about Xindice.  However....

You can (I think) actually shut off outside access in 2 ways - the first, in
the system.xml config file, set the host attribute of the http server to
127.0.0.1 (loopback); that way it is inaccessible to anyone else.

Also, put a firewall on the machine to restrict access to the port, if you
want to be sure.

Dan


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 27, 2002 3:00 PM
To: [email protected]
Subject: Access control


I know access control has already been discussed on this list before, but I
want to ask what the best strategy would probably be for adding it on my
own. 

It seems to me that if you just implement access control at the application
layer, a programmer could still remotely access your data db instance over
http if he or she knows the port number. So I was thinking along the lines
of somehow controlling the http access or the services that are obtained
from collection objects so that they require credentials to be passed.
Perhaps this isn't the best approach (that is why I'm asking! >8)

I also notice that under the system collection there are subcollections
SystemGroups, SystemUsers, and SystemAccess (and others). Can I place
documents in these describing access control and if so will Xindice actually
enforce my access control rules? I see in the API-docs that there is a
security package. Does THAT have anything to do with this? I couldn't find
anything about this in documentation nor the mailing list archives. Thanks
for any help.

/S

-- 
Steven Cummings <[EMAIL PROTECTED]>
Columbia, MO
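
One way to confirm that the loopback binding suggested in the reply at the top of this thread actually took effect is to inspect the listening sockets on the host. The following is an added example, not part of the original messages or of Xindice; the `ss -ltn` sample is constructed and port 4080 is an assumed value for the database's HTTP listener.

```python
import ipaddress

# Constructed sample of `ss -ltn` output. Port 4080 is an assumed value for
# the database's HTTP listener; it is not taken from the thread.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       50      127.0.0.1:4080      0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       50      [::]:8080           [::]:*
LISTEN  0       50      [::1]:5432          [::]:*
LISTEN  0       50      *:9090              *:*
"""

def split_local(local):
    """Split ss 'addr:port', handling [v6]:port, *:port and %iface suffixes."""
    addr, _, port = local.rpartition(":")
    addr = addr.split("%")[0].strip("[]")
    return addr, int(port)

def is_loopback(addr):
    """True only when the bind address is a loopback address."""
    if addr == "*":
        return False  # wildcard bind: every interface
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unparseable bind address: treat as exposed

def listener_exposure(ss_output, port):
    """Return 'not-listening', 'loopback-only' or 'exposed' for a TCP port."""
    binds = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skips the header row and blank lines
        addr, bound_port = split_local(fields[3])
        if bound_port == port:
            binds.append(addr)
    if not binds:
        return "not-listening"
    # A single non-loopback bind is enough to make the port reachable.
    return "loopback-only" if all(is_loopback(a) for a in binds) else "exposed"

if __name__ == "__main__":
    for port in (4080, 22, 8080, 5432, 9090, 1234):
        print(port, listener_exposure(SAMPLE_SS, port))
```

On a real host, pass the captured output of `ss -ltn` in place of the constructed sample.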
