From: Adam R. <ad...@ex...> - 2012-02-06 23:34:45
> # Exposing all of db through the "apps" namespace in addition to the "rest"
> namespace, from the "security is a process" standpoint, does not look a good
> decision. MVC theory instead proposes, to store (confidential) data outside
> of the web-root.

Yes I agree the security concerns here are bad.

> # I have the gut feeling, that by requesting a restricted resource from
> "rest" space, thereby adding credentials via http-auth, that this creates a
> server side session, allowing me to browse "admin.xql" without being
> prompted for login. Rest is said to be stateless, though.

Yes that is the case.

> I hope, this sounds sufficiently sober to be considered.

I plan to launch Project Sleepy at Prague. This should solve both of your above concerns I hope.

> Yours
>
> Peter
>

--
Adam Retter

eXist Developer
{ United Kingdom }
ad...@ex...
irc://irc.freenode.net/existdb