You are viewing a plain text version of this content. The canonical link for it is here.

Posted to xindice-users@xml.apache.org by Julian <ce...@yahoo.com> on 2003/07/21 23:52:25 UTC

SSL Implementation and XMLRPC Security (Was Xindice 1.1b Life Without Servlet Engine)

Hi,

I was previously toying around with using just the
Java API for xindice, but since it does not want to
cooperate, I must use XMLRPC.  I came to this
conclusion since the the command line returns no
results when using the -l and -d options (which I
believe is equivalent to my java based code that uses
xmldb:xindice-embed://), but  returns the proper
results without the aforementioned options (which
seems to use xmldb:xindice:// a.k.a. xmlrpc).  So I
have a few security related questions:

<questions>
1.Is the SSL code in the cvs scratchpad nearly
production stable?

2.Is the XML RPC API for Xindice XML:DB compliant?

3.Is it possible to allow only the localhost to access
the database? I do not want to open the db to the
network nor do I want to have to open any non-ssl
ports.
</questions>

Thanks In Advance,
Julian

__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com

Re: SSL Implementation and XMLRPC Security (Was Xindice 1.1b Life Without Servlet Engine)

Posted by Julian <ce...@yahoo.com>.

Mark,

  This sounds like the solution to my problem!! 
However, the collections created via the CLI are not
nesting properly so I cannot export them yet.  However
my java code is nesting properly.


<questions>
1)Is this b/c the "db" collection is not created
first?

2)Or is it something to do with the Sys* folder not
residing in the "system" folder?

3)Or is this b/c the java code has already created a
db somewhere else on the file system and is
interfering with the creation of a second db? The java
code is using a different system.xml that points to
another location on the drive.
</questions>

Attached is my debug info after creating the
collections and typing 
"xindice lc -c /db -l -d ../config/system.xml"
which by the way also ends up creating the "level2"
folder in the $dbroot dir as well.

<details>
1) Set XINDICE_HOME to /Apps/xml-xindice/
2) Change the system.xml to point to
/Apps/xml-xindice/db with dbname as "db"
3) Use the command line to create my collections from
the /Apps/xml-xindice/db dir:

xindice ac -c /db -n level1 -l -d ../config/system.xml

xindice ac -c /db/level1 -n level2 -l -d
../config/system.xml

xindice ac -c /db/level1/level2 -n level3 -l -d
../config/system.xml

"level1" and "level2" collections are nested properly,
but when I create "level3" it is being created in the
"$dbroot" folder on the filesystem rather than being
added to "$dbroot/level1/level2".  Also the
database.xml seems incorrect (has a few nulls where
file paths should be...see attachment).
</details>

Thanks for all the help,
Julian

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

Re: SSL Implementation and XMLRPC Security (Was Xindice 1.1b Life Without Servlet Engine)

Posted by "Mark J. Stang" <ma...@earthlink.net>.

Julian,
Just a quick note, embedding Xindice and also using it
from the command-line is a bit tricky.   When running
from the command-line, you need the -l and it uses
the XINDICE_HOME environment variable.   That is
where you will find your db.   However, if you start
up your embedded app in a different directory than
XINDICE_HOME it will create a new set of db
directories.   So, you will see two different results.
My solution was to set XINDICE_HOME to be
where my app starts from.   This requires setting
up at least one directory and a config file or two.
However, it does work.   I can create documents
through the embedded version of Xindice and
then dump them using the -l command.

xindice export -l -c /db/shopinfo -f documents

export     dump the documents
-l             local
-c            collection
-f             directory to dump them

HTH,

Mark

Julian wrote:

> Hi,
>
> I was previously toying around with using just the
> Java API for xindice, but since it does not want to
> cooperate, I must use XMLRPC.  I came to this
> conclusion since the the command line returns no
> results when using the -l and -d options (which I
> believe is equivalent to my java based code that uses
> xmldb:xindice-embed://), but  returns the proper
> results without the aforementioned options (which
> seems to use xmldb:xindice:// a.k.a. xmlrpc).  So I
> have a few security related questions:
>
> <questions>
> 1.Is the SSL code in the cvs scratchpad nearly
> production stable?
>
> 2.Is the XML RPC API for Xindice XML:DB compliant?
>
> 3.Is it possible to allow only the localhost to access
> the database? I do not want to open the db to the
> network nor do I want to have to open any non-ssl
> ports.
> </questions>
>
> Thanks In Advance,
> Julian
>
> __________________________________
> Do you Yahoo!?
> SBC Yahoo! DSL - Now only $29.95 per month!
> http://sbc.yahoo.com

--
Mark J Stang
System Architect
Cybershop Systems