<listitem><para>We recommend to prevent eXist's REST server from directly recieving web requests, and use URL Rewriting to control code execution via URL instead. This feature is enabled by default in <filename>$EXIST_HOME/webapp/WEB-INF/web.xml</filename>. Changing the param-value to true, allows you to filter request via your own XQuery controller.</para>
165
165
<programlistinglanguage="xml"><init-param>
166
-
<param-name>hidden</param-name>
167
-
<param-value>true</param-value>
166
+
<param-name>hidden</param-name>
167
+
<param-value>true</param-value>
168
+
</init-param></programlisting>
169
+
<para>The following options allow a more fine-grained control over aspects of remote code execution:</para>
170
+
</listitem>
171
+
</varlistentry>
172
+
<varlistentry>
173
+
<term>XQuery submissions</term> <listitem><para>We recommend to restrict the REST servers ability to execute XQuery code to authenticated users, by modifying:<filename>$EXIST_HOME/webapp/WEB-INF/web.xml</filename>.</para>
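Review bot: The added paragraph at new line 173 stops at "by modifying:<filename>$EXIST_HOME/webapp/WEB-INF/web.xml</filename>." without saying which parameter to change or what value to set, so a reader cannot act on the recommendation. Name the init-param and the value that limits XQuery execution to authenticated users, preferably with a programlisting like the one shown for hidden above, and put a space after the colon. On the same line, "REST servers ability" needs an apostrophe ("server's"). The context paragraph above says the feature "is enabled by default" and then tells the reader to change the param-value to true; state the shipped default value so it is clear whether any change is needed, and fix "recieving" while you are there.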
<listitem><para>In addtion, we recommend to retrict the REST servers ability to execute XUpdate statements, because of the sensitive nature of update operation. Simply modify <filename>$EXIST_HOME/webapp/WEB-INF/web.xml</filename>by changing the para-value from enabled to disabled.</para>
180
+
<listitem><para>In addtion, we recommend to restrict the REST servers ability to execute XUpdate statements, because of the sensitive nature of update operation. Simply modify <filename>$EXIST_HOME/webapp/WEB-INF/web.xml</filename>by changing the param-value from enabled to disabled.</para>
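Review bot: The replacement at new line 180 corrects "retrict" and "para-value" but still reads "In addtion", has no space between </filename> and "by", and writes "REST servers ability" without the apostrophe. It also tells the reader to change the param-value from enabled to disabled without naming the parameter; add the param-name so the right init-param in web.xml gets edited, since the hidden entry above uses the same file.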