r***@post.cz
2017-06-05 08:45:57 UTC
Hello,
we would like to build our database application on BaseX in our company.
However, we would need to solve following issues we encountered with.
1) BaseX GUI is automatically opened with administration permissions without
any login request. Can it be fixed?
2) Once user is created in a database, he or she has the same rights in all
databases. Can it be fixed so the user has particular permisssion per
database?
3) Or better, would it be posssible to set user permission per collection
(like in Sedna or MonoDB)?
4) I can see the users are stored in users.xml file, including with their
permission and hashed password. It is a security issue for us because the
digest hash can be decrypted in few seconds. Is it possible to obscure that
sensitive information, or to not store it in the file?
5) All queries are stored in logs. Queries for user creation or password
change are stored in plain text there. Is there a way to obscure thatÂ
sensitive information?
6) It only is possible to create BaseX users. Is Active Directory account
support in road-map, especially support for AD groups? It would be much
appreciated.
7) BaseX supports http protocol. Is it possible to make it work with https
protocol as well?
If there is an answer "no" on some of those questions above, is correction
of those issuees in road-map?
Thank you for your answers in advance.
Best regards,
Radim Havlicek
Test Engineer III
 Honeywell International s.r.o.
we would like to build our database application on BaseX in our company.
However, we would need to solve following issues we encountered with.
1) BaseX GUI is automatically opened with administration permissions without
any login request. Can it be fixed?
2) Once user is created in a database, he or she has the same rights in all
databases. Can it be fixed so the user has particular permisssion per
database?
3) Or better, would it be posssible to set user permission per collection
(like in Sedna or MonoDB)?
4) I can see the users are stored in users.xml file, including with their
permission and hashed password. It is a security issue for us because the
digest hash can be decrypted in few seconds. Is it possible to obscure that
sensitive information, or to not store it in the file?
5) All queries are stored in logs. Queries for user creation or password
change are stored in plain text there. Is there a way to obscure thatÂ
sensitive information?
6) It only is possible to create BaseX users. Is Active Directory account
support in road-map, especially support for AD groups? It would be much
appreciated.
7) BaseX supports http protocol. Is it possible to make it work with https
protocol as well?
If there is an answer "no" on some of those questions above, is correction
of those issuees in road-map?
Thank you for your answers in advance.
Best regards,
Radim Havlicek
Test Engineer III
 Honeywell International s.r.o.