From: Adam R. <ad...@ex...> - 2012-02-09 15:20:33
> Can the xquery processor (the agent) be trusted, to not allow literal output
> of some resource, that the calling user (the principal) must not see? The way
> I see it, the devil is in /including modules/. Then there are xquery
> functions, that are probably safe - eg. import() when constructing the parse
> tree - and xquery functions that are not safe.

Exactly! If a .xqy main module script just needs 'x' permissions. Well what does a .xqm library module need to be included in the first. Probably 'r-x', but this would need to be changed to just 'x' as well.

> Won't this put the xquery processor in charge of enforcing permissions?

I don't want to do that. I want permissions to be enforced by the database. So I have to refactor so that the database knows what an XQuery module is and that permissions for execution of that are handled differently.

> This is just my outside view, please excuse, if I am off.
>
> --
> peter

--
Adam Retter

eXist Developer
{ United Kingdom }
ad...@ex...
irc://irc.freenode.net/existdb