[MarkLogic Dev General] REST API allows for downloading of code
d.sinang at gmail.com
Sat Mar 28 10:34:07 PDT 2015
Thanks, but just to be clear, are you saying that, in order to prevent
normal users (who can execute REST API extensions) from accessing their
corresponding source code, I need to limit those users' roles to just the
On Sat, Mar 28, 2015 at 11:08 AM, Erik Hennum <Erik.Hennum at marklogic.com>
> Hi, Danny:
> Starting in 7.0-3 (I think), only a user with the rest-extension-user
> role can execute a REST extension.
> You can define a role that inherits the rest-extension-user role and has the
> rest-reader privilege (not the rest-reader role) and rest-writer privilege (again,
> not the role).
> I know that users with such roles can execute extensions and read and
> write documents.
> I suspect (but haven't confirmed) that such users can't read extensions.
> Hoping that's useful,
> Erik Hennum
> *From:* general-bounces at developer.marklogic.com [
> general-bounces at developer.marklogic.com] on behalf of Danny Sinang [
> d.sinang at gmail.com]
> *Sent:* Saturday, March 28, 2015 6:55 AM
> *To:* general
> *Subject:* [MarkLogic Dev General] REST API allows for downloading of code
> ML apparently allows downloading of code for REST API resource
> extensions as documented in
> https://docs.marklogic.com/guide/rest-dev/extensions#id_20662 .
> For security purposes, is there a way to control which user can execute
> these REST API resource extensions and who can download their corresponding
> code ?
> General mailing list
> General at developer.marklogic.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the General