xml-xindice-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Honglin Ye <...@aoc.nrao.edu>
Subject Re: access control in xindice
Date Tue, 10 Feb 2004 16:16:53 GMT
Vadim Gritsenko wrote:

> Honglin Ye wrote:
> 
>> Hi, Vadim,
>>     While I am trying to convince people here we can use
>> Xindice as our storage component, I found one thing we need
>> but not yet in xindice.
>>     We need the access control. We can not let people who knows
>> the host and port to freely query xindice.
> 
> 
> 
> But, generally speaking, it should be behind a firewall.
> 
> 
>>     I think it should be sufficient to enforce a 'password on 
>> collections'.
>> If a password is set at the collection create time, the access to the 
>> collection
>> and all the child collections later on requires the password. This can be
>> down on commandline and on programming call.
>>      Do I think about the right thing?
> 
> 
> 
> Not exactly. The easiest (fastest) way to add simple username/password 
> protection is to do so by protecting xindice webapp in web.xml.
> 
> More complicated (and better) solution will use username/password 
> provided via Database.getCollection() and give/reject access to the 
> collection based on the authentication (password matches username), and 
> authorization (user is in the group which has access to the collection) 
> rules.
> 
> Authorization / authentication information should be stored in the db 
> itself, in system collection.
> 
> Vadim
> 
> 
> 
Hi, Vadim,
     Thanks. Is the solution you provide already in? I need 'the better' solution.
I have to hide it from most people within firewall. Where is the instructions
for authentication stuff?
Honglin


Mime
View raw message