[xquery-talk] questions about security and dynamically constructedqueries

Jason Hunter jhunter at servlets.com
Tue Oct 21 16:34:28 PDT 2003 

For some reason the following mail was "automatically discarded" from 
the list.  I'm not sure why so I'm resending for Srini.

-jh-

From: "Srinivas Pandrangi" <srinivas at ipedo.com>
Date: Tue, 21 Oct 2003 15:10:25 -0700
To: "Dhruba Borthakur" <dhruba_borthakur at hotmail.com>, <talk at xquery.com>

dhruba

 >>
 >> 1. Most of the XQuery implementations that I am familiar with
 >>    supports security at the database level. An user connects to the
 >>    repository using a loginname/password. Once authenticated, the user
 >>    can run queries against all the data in the repository.
 >>    Is there any implementation that associates security per
 >>    document (or collection)?
 >>

You can do this with Ipedo. You can associate ACLs which can control 
access to most database resources (including documents and collection).


 >> 2. One XQuery implementation (that I am familiar with) has implemented
 >>    vendor extensions that allow constructing and executing a query
 >>    dynamically. Do other implementations support a similar
 >> functionality?


If you mean what Michael Kay has suggested (EXSLT dyn:evaluate(String)), 
we don't support it at this time.


 >>
 >> 3. In my XQuery code, I want to discover if a particular library is
 >>    available. Only if it is available, I want to execute a
 >> function in the
 >>    library. If the library does not exist, that I want to
 >> proceed ahead
 >>    and do other things. Can I do achieve this functionality
 >> using only
 >> XQuery?
 >>    (I know I can do this from a Java wrapper that looks at a specified
 >>    pathname and constructs a dynamic query (prefix an import
 >>    statement) if the library module at the specified path exists.)


As you suggest, you can use our APIs (Java/.Net) to inspect available 
library modules, also, information about modules known to the system can 
be queried using XQuery. So yes, in queries you can determine if a 
module is available and if it contains a particular function.

More information about the talk mailing list