Difference between revisions of "User Management"

From BaseX Documentation
Jump to navigation Jump to search
Line 15: Line 15:
 
* A new [[User Module]] is available, which allows user management via '''XQuery'''.
 
* A new [[User Module]] is available, which allows user management via '''XQuery'''.
 
* The md5 password hash has been replaced with '''salted sha256''' and '''digest''' hashes (the current timestamp will be used as salt).
 
* The md5 password hash has been replaced with '''salted sha256''' and '''digest''' hashes (the current timestamp will be used as salt).
 +
 +
{{Mark|Warning}}: As the available md5 hashes cannot automatically be converted to the new format, existing credentials will be ignored, and you will need to recreate your user data.
  
 
Moreover, passwords in commands and XQuery functions are now specified in '''plain text''' (yes!). The rationale behind this is:
 
Moreover, passwords in commands and XQuery functions are now specified in '''plain text''' (yes!). The rationale behind this is:
Line 21: Line 23:
 
* The encoding as md5 has not been safe anyway, because md5 hashes for popular passwords can be easily uncovered with rainbow tables.
 
* The encoding as md5 has not been safe anyway, because md5 hashes for popular passwords can be easily uncovered with rainbow tables.
  
As general security measures, please ensure that your password will not end up in your bash history, and avoid sending passwords via ordinary REST requests.
+
Please remember basic security measures: ensure that your password will not end up in your bash history, and avoid sending passwords via ordinary REST requests.
  
 
==Rules==
 
==Rules==

Revision as of 01:26, 11 December 2014

This article is part of the Advanced User's Guide. The user management defines which permissions are required by a user to perform a database command or XQuery expression.

Permissions are mostly relevant in the client/server architecture, as the Standalone Mode and the GUI is run with admin permissions. There are a few exceptions such as the xquery:eval function: its execution scope can also be limited by specifying a permission.

With Version 8.0, the user management has been revised:

  • Permissions can now be manually edited, as they are stored as XML.
  • The permission file has been moved from the home directory to the database directory. It was renamed from .basexperm to users.xml.
  • Local permissions are now defined for database glob patterns instead of single databases. Both local and global permissions are stored in the same file.
  • A new User Module is available, which allows user management via XQuery.
  • The md5 password hash has been replaced with salted sha256 and digest hashes (the current timestamp will be used as salt).

Template:Mark: As the available md5 hashes cannot automatically be converted to the new format, existing credentials will be ignored, and you will need to recreate your user data.

Moreover, passwords in commands and XQuery functions are now specified in plain text (yes!). The rationale behind this is:

  • The server can now create different hashes from the original password.
  • The encoding as md5 has not been safe anyway, because md5 hashes for popular passwords can be easily uncovered with rainbow tables.

Please remember basic security measures: ensure that your password will not end up in your bash history, and avoid sending passwords via ordinary REST requests.

Rules

In the permission hierarchy below, the existing permissions are illustrated. A higher permission includes all lower permissions. For example, all users who have the write permission assigned will also be able to execute commands requiring read permission.

Local permissions are applied to databases. They have a higher precedence and override global permissions.

Permissions hierarchy

User names must follow the valid names constraints, and the database patterns must follow the Glob Syntax.

Commands

Admin permissions are required to execute all of the following commands:

Create user 'test' (password will be entered on command line). By default, the user will have no permissions ('none'):

> CREATE USER test

Change password of user 'test' to '71x343sd#':

> ALTER PASSWORD test 71x343sd#

Grant local write permissions to user 'test':

> GRANT write ON unit* TO test

Note: Local permissions overwrite global permissions. As a consequence, the 'test' user will only be allowed to access (i.e., read and write) database starting with the letters 'unit'. If no local permissions are set, the global rights are inherited.

Show global permissions:

> SHOW USERS

Show detailed information about user 'test' via XQuery:

> XQUERY user:list-details()[@name = 'test']

Drop of user 'test' via XQuery:

> XQUERY user:drop('test')

Changelog

Revised in Version 8.0.