[MarkLogic Dev General] REST API allows for downloading of code

Danny Sinang d.sinang at gmail.com
Sat Mar 28 10:34:07 PDT 2015


Hi Erik,

Thanks, but just to be clear, are you saying that, in order to prevent
normal users (who can execute REST API extensions) from accessing their
corresponding source code, I need to limit those users' roles to just the
rest-extension-user ?

Regards,
Danny



On Sat, Mar 28, 2015 at 11:08 AM, Erik Hennum <Erik.Hennum at marklogic.com>
wrote:

>  Hi, Danny:
>
>  Starting in 7.0-3 (I think), only a user with the rest-extension-user
> role can execute a REST extension.
>
>  You can define a role that inherits the rest-extension-user role and has the
> rest-reader privilege (not the rest-reader role) and rest-writer privilege (again,
> not the role).
>
>  I know that users with such roles can execute extensions and read and
> write documents.
>
>  I suspect (but haven't confirmed) that such users can't read extensions.
>
>
>  Hoping that's useful,
>
>
>    Erik Hennum
>
>    ------------------------------
> *From:* general-bounces at developer.marklogic.com [
> general-bounces at developer.marklogic.com] on behalf of Danny Sinang [
> d.sinang at gmail.com]
> *Sent:* Saturday, March 28, 2015 6:55 AM
> *To:* general
> *Subject:* [MarkLogic Dev General] REST API allows for downloading of code
>
>   ML apparently allows downloading of code for REST API resource
> extensions as documented in
> https://docs.marklogic.com/guide/rest-dev/extensions#id_20662 .
>
> For security purposes, is there a way to control which user can execute
> these REST API resource extensions and who can download their corresponding
> code ?
>
>
>  Regards,
> Danny
>
> _______________________________________________
> General mailing list
> General at developer.marklogic.com
> http://developer.marklogic.com/mailman/listinfo/general
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://developer.marklogic.com/pipermail/general/attachments/20150328/ecc5bcce/attachment.html 


More information about the General mailing list