[MarkLogic Dev General] REST API allows for downloading of code

Erik Hennum Erik.Hennum at marklogic.com
Sat Mar 28 08:08:08 PDT 2015


Hi, Danny:

Starting in 7.0-3 (I think), only a user with the rest-extension-user role can execute a REST extension.

You can define a role that inherits the rest-extension-user role and has the rest-reader privilege (not the rest-reader role) and rest-writer privilege (again, not the role).

I know that users with such roles can execute extensions and read and write documents.

I suspect (but haven't confirmed) that such users can't read extensions.


Hoping that's useful,


Erik Hennum

________________________________
From: general-bounces at developer.marklogic.com [general-bounces at developer.marklogic.com] on behalf of Danny Sinang [d.sinang at gmail.com]
Sent: Saturday, March 28, 2015 6:55 AM
To: general
Subject: [MarkLogic Dev General] REST API allows for downloading of code


ML apparently allows downloading of code for REST API resource extensions as documented in https://docs.marklogic.com/guide/rest-dev/extensions#id_20662 .

For security purposes, is there a way to control which user can execute these REST API resource extensions and who can download their corresponding code ?


Regards,
Danny
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://developer.marklogic.com/pipermail/general/attachments/20150328/5eff1f12/attachment.html 


More information about the General mailing list