From: Wolfgang M. <wol...@ex...> - 2008-02-13 12:13:30
|
> Im not sure what the util:file-read() function is for? The docs are very > erm... unhelpful. If I remember well, we introduced that function to run the XQuery test suite. It's primary purpose is to load non-XML data from an URI. You can certainly load XML data with it as well. The standard doc() function might be more appropriate though. > 1) Security - you can post xquery to any running eXist server. Do we really > want people accessing the filesystem, they could be anyone from anywhere, > what security do we need? The standard doc() function can load data from arbitrary URIs, including file:. Concerning security, it is always a risk if users are allowed to pass unchecked XQuery code into your application. We could certainly add a switch to forbid file: URIs completely, but I'm not sure it is really needed. > 2) We want users to store there data in the db, if they see functions for > accessing data from the fs, they will almost certainly try and process data > directly from there which will result in terrible performance. Yes, true. However, it should be obvious that in order to benefit from an XML DB you need to store your documents into it. Anyway, right now, querying in-memory resources (i.e. resources not stored in the db) is indeed a huge problem in eXist. The query engine cannot really operate on the in-memory DOM and needs to save it into a temporary fragment first. The good news is that those problems will be solved very soon... > Conversely I am a bit worried about bloat and sprawl in the modules. I > think we really need only one function signature for each distinct function > (in the majority of cases) - the most complex signature, with any additional > arguments to the basic signature being optional through providing empty > sequences as the arguments. I'm not sure about that. I guess many users will find it easier to just omit an argument than pass () for it ;-) But I agree the function modules need a bit of clean up, in particular the xmldb functions. I think they should be largely rewritten to use the internal API instead of XML:DB. Wolfgang |