[xquery-talk] questions about security and dynamically
constructedqueries
Jason Hunter
jhunter at servlets.com
Tue Oct 21 16:34:28 PDT 2003
For some reason the following mail was "automatically discarded" from
the list. I'm not sure why so I'm resending for Srini.
-jh-
From: "Srinivas Pandrangi" <srinivas at ipedo.com>
Date: Tue, 21 Oct 2003 15:10:25 -0700
To: "Dhruba Borthakur" <dhruba_borthakur at hotmail.com>, <talk at xquery.com>
dhruba
>>
>> 1. Most of the XQuery implementations that I am familiar with
>> supports security at the database level. An user connects to the
>> repository using a loginname/password. Once authenticated, the user
>> can run queries against all the data in the repository.
>> Is there any implementation that associates security per
>> document (or collection)?
>>
You can do this with Ipedo. You can associate ACLs which can control
access to most database resources (including documents and collection).
>> 2. One XQuery implementation (that I am familiar with) has implemented
>> vendor extensions that allow constructing and executing a query
>> dynamically. Do other implementations support a similar
>> functionality?
If you mean what Michael Kay has suggested (EXSLT dyn:evaluate(String)),
we don't support it at this time.
>>
>> 3. In my XQuery code, I want to discover if a particular library is
>> available. Only if it is available, I want to execute a
>> function in the
>> library. If the library does not exist, that I want to
>> proceed ahead
>> and do other things. Can I do achieve this functionality
>> using only
>> XQuery?
>> (I know I can do this from a Java wrapper that looks at a specified
>> pathname and constructs a dynamic query (prefix an import
>> statement) if the library module at the specified path exists.)
As you suggest, you can use our APIs (Java/.Net) to inspect available
library modules, also, information about modules known to the system can
be queried using XQuery. So yes, in queries you can determine if a
module is available and if it contains a particular function.
More information about the talk
mailing list