Database Reference
In-Depth Information
XQuery
extension
module
Security implications of use
XPath and
XQuery Functions
and Operators
module
A user could use the fn:doc function to retrieve documents from the filesystem to which the user under
which the eXist server is running has read access. There is also the potential to download documents from
remote sources by URI. You can reduce or alleviate this risk by using sensible firewall and network
settings. This module could also potentially be used to launch a DoS attack against a remote service.
Disabling the Java binding from XQuery
eXist provides a feature called Java binding (see “Java binding” on page 117 for fur‐
ther details) that allows Java code to be written inside XQuery code and executed by
eXist's XQuery processor. This is undoubtedly a very powerful feature that could
prove useful where an XQuery developer wishes to perform some task that is not pos‐
sible in XQuery and for which no extension functions are provided. However, in the
wrong hands, it gives an attacker access to a programming language that has a rich
standard library.
By default, eXist is shipped with the Java binding disabled. You can configure this in
$EXIST_HOME/conf.xml by changing the value of the enable-java-binding
attribute on the xquery configuration element to either yes or no . It is highly recom‐
mended that the Java binding remain disabled. If you require additional functionality
that XQuery does not provide, you should consider writing an extension module for
XQuery in Java that encapsulates just the functionality that you require (see “Internal
XQuery Library Modules” on page 467 ).
Disabling direct access to the REST Server
While it is recommended that you disable various XQuery modules and Java binding
if you're not using their functionality, what can you do to limit what anonymous web
users can exploit when you do require such functionality?
One possibility is to limit the ability for eXist's REST Server to directly receive web
requests, including XQuery submissions that would otherwise be processed dynami‐
cally. Disabling this capability still allows you to place main modules and associated
library modules written in XQuery into the database as binary documents and have
them executed via URI calls, but access to database resources is instead controlled by
XQuery URL Rewrite (see “URL Mapping Using URL Rewriting” on page 194 ). Such a
restriction prevents anonymous and authenticated users from directly accessing data‐
base resources or sending in XQueries via eXist's REST Server, unless you permit it
within your own XQuery controller.
To remove the REST Server's ability to directly receive web requests, you can modify
the parameter hidden in $EXIST_HOME/webapp/WEB-INF/web.xml :
 
Search WWH ::




Custom Search