Security Basics
The basic authentication model in eXist follows the Unix model of having users and
groups of users. eXist does not support groups of groups. Each resource and collection
in the database is assigned an owner user, group, and mode. The mode describes
the access permissions that the owner, user group, and other users have to that
resource or collection.
User and group names in eXist are case-sensitive, so, for example,
the username James is not the same as james.
Out of the box, eXist's internal authentication realm provides you with some default
users and groups to get you started.
Users
Table 8-1 outlines the default users provided with eXist out of the box.

Table 8-1. Default users

Username    Description
guest       The guest user represents unauthenticated users. Until a user authenticates with eXist, she is a guest. It is possible to allow users access to some resources as guest without authentication; this is particularly useful for serving content to web users without them having to log in to your website. The guest user has a default auto-set password of guest, although you should never need it.
admin       The admin user is the default dba (database administrator) user for eXist, and will be the first user that you log in as after installing eXist. By default, the admin user's password is empty.
SYSTEM      The SYSTEM account is used internally by eXist processes to modify resources in the database and manage the database. Even eXist has to authenticate itself! You cannot authenticate as the SYSTEM user, and eXist cannot function without that account.
You really should consider setting a strong password for the admin
user to secure the system, either during or immediately after installing
eXist. What constitutes a strong password? Well, that's hard to
explain simply, and advice tends to change over time, but this website
can help you generate strong passwords: http://strongpasswordgenerator.com.
If you're more security conscious, check out https://
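One way to check that the defaults in Table 8-1 are no longer in effect, as an added example that is not from the book or the eXist project. It is meant to be run by a dba user against your own instance and uses eXist's xmldb:authenticate, sm:is-dba and sm:get-group-members functions; the element names in the report are made up for this example.

```xquery
xquery version "3.0";

(: Added example: audit the out-of-the-box credentials listed in Table 8-1.
   Run it as a dba user, for instance from eXide or the Java admin client. :)
import module namespace sm = "http://exist-db.org/xquery/securitymanager";
import module namespace xmldb = "http://exist-db.org/xquery/xmldb";

(: Defaults stated in the text: admin has an empty password, guest uses "guest".
   SYSTEM is left out because nobody can authenticate as that account. :)
let $defaults := (
    <default user="admin" password=""/>,
    <default user="guest" password="guest"/>
)
return
<credential-audit>{
    for $d in $defaults
    let $user := string($d/@user)
    (: true if the account still accepts the password it shipped with :)
    let $still-default := xmldb:authenticate("/db", $user, string($d/@password))
    let $is-dba := sm:is-dba($user)
    return
        <account name="{$user}" dba="{$is-dba}" default-password="{$still-default}">{
            if ($still-default and $is-dba) then
                "FAIL: dba account still accepts its default password"
            else if ($still-default) then
                "INFO: default password in place (expected only for guest)"
            else
                "OK: default password no longer accepted"
        }</account>,
    (: Names are case-sensitive, so James and james would be two entries here.
       Every member of dba has full control, so the list is worth reviewing. :)
    <dba-members>{
        for $member in sm:get-group-members("dba")
        order by $member
        return <user>{$member}</user>
    }</dba-members>
}</credential-audit>
```

A FAIL line for admin means the empty default password is still set; change it with sm:passwd or the admin client and run the query again.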
Each user in eXist must belong to at least one group, and may belong to many
groups. If a user is a member of many groups, then the default group for ownership