Changes

455 bytes removed ,  18:33, 2 August 2016
no edit summary
This article is part of the [[Advanced User's Guide]]. The user management defines which permissions are required by a user to perform a database command or XQuery expression.
Permissions are mostly relevant in the client/server architecture, as the [[Standalone Mode]] and the [[GUI]] are run with admin permissions. There are a few exceptions such as the [[XQuery Module#xquery:eval|xquery:eval]] function: its execution scope can also be limited by specifying a permission.
The permission file is located in the '''database directory'''; it is called {{Code|users.xml}}. This file can be manually edited; it will be parsed when BaseX is started.
With <b>Version 8.0</b>, the user management has been revised:
* Permissions can now be '''manually edited''', as they are stored as XML.
* The permission file has been moved from the home directory to the '''database directory'''. It was renamed from {{Code|.basexperm}} to {{Code|users.xml}}.
* Local permissions are now defined for database '''glob patterns''' instead of single databases. Both local and global permissions are stored in the same file.
* A new [[User Module]] is available, which allows user management via '''XQuery'''.
* '''Glob patterns''' are used for local database permissions.
* MD5 password hashing has been discarded, as many md5 hashes can be easily uncovered with rainbow tables.
* '''Salted sha256''' hashes are now used for authentication (the current timestamp will be used as salt).
* Additionally, '''digest''' hashes are used in the client/server architecture and the [[Clients|Language Bindings]], and in the [[Web Application|HTTP Context]] if the [[Options#AUTHMETHOD|AUTHMETHOD]] is set to {{Code|Digest}}.
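The difference between the discarded unsalted md5 hashes and the salted sha256 hashes, shown as an added example that is not BaseX code. The salt-then-password concatenation, the record layout, the function names and the sample users are assumptions made for illustration.

```python
import hashlib
import hmac
import time

def md5_unsalted(password: str) -> str:
    """Legacy scheme: the same password always yields the same hash."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def sha256_salted(password: str, salt: str) -> str:
    """Salted scheme; the salt-then-password order is an assumption."""
    return hashlib.sha256((salt + password).encode("utf-8")).hexdigest()

def new_record(password: str, now_ms=None) -> dict:
    """Build a stored credential whose salt is the current timestamp."""
    salt = str(int(time.time() * 1000) if now_ms is None else now_ms)
    return {"salt": salt, "hash": sha256_salted(password, salt)}

def verify(record: dict, candidate: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    expected = sha256_salted(candidate, record["salt"])
    return hmac.compare_digest(record["hash"], expected)

def precomputed_table(wordlist, hash_fn) -> dict:
    """Stand-in for a rainbow table: unsalted hash -> password."""
    return {hash_fn(word): word for word in wordlist}

def audit() -> dict:
    # Constructed sample data: two users who chose the same password.
    words = ["letmein", "top-secret", "admin"]
    md5_table = precomputed_table(words, md5_unsalted)
    sha_table = precomputed_table(words, lambda w: sha256_salted(w, ""))
    legacy = {user: md5_unsalted("top-secret") for user in ("alice", "bob")}
    salted = {"alice": new_record("top-secret", now_ms=1470162780000),
              "bob": new_record("top-secret", now_ms=1470162780001)}
    return {
        "legacy_identical": legacy["alice"] == legacy["bob"],
        "legacy_in_table": [md5_table.get(h) for h in legacy.values()],
        "salted_identical": salted["alice"]["hash"] == salted["bob"]["hash"],
        "salted_in_table": any(r["hash"] in sha_table for r in salted.values()),
        "salted_verifies": verify(salted["alice"], "top-secret"),
        "salted_rejects_wrong": not verify(salted["alice"], "letmein"),
    }

if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

The salt only has to be unique per record, not secret, which is why a timestamp is sufficient to defeat precomputed tables.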
{{Mark|Warning}}: As the available md5 hashes cannot automatically be converted to the new format, existing credentials will be ignored, and you will need to recreate your user data. Moreover, we will incrementally provide new [[Clients|Language Bindings]], which will be based on the digest hashes.
Passwords in commands and XQuery functions are now specified in '''plain text'''. The rationale behind this is:
* Transmission of passwords as md5 has not been safe anyway, as indicated above.
* Different hash values can now be created from the original password.
Please take care of the usual security measures. You will be safe if you follow the basic ones: ensure that your password will not end up in your bash history, avoid sending passwords via ordinary REST requests, etc.
==Rules==
<code>&gt; XQUERY user:drop('test')</code>
 
==XQuery==
 
The [[User Module]] allows you to organize users via '''XQuery'''. An example:
 
'''Create user 'test' with no permissions:'''
 
<code>user:create('test', 'top-secret')</code>
=Changelog=
Revised in Version 8.0.