3 Replies Latest reply on Oct 15, 2015 9:51 PM by mbenseman

    XML Query of Protested Database

    mbenseman

      Hi

       

      I am using an XML query to extract data from an FMS 14 hosted database.

       

      The query works fine and is defaulting to using the Guest account, but of course by having the guest enabled, anyone can write an xml query to get data from my database...not a good idea.

       

      So what i want to do is use a Password protected account, so that its restrict access to the database.....

       

      My problem....I can for the life of me see any documentation as to how to incorporate Userr ID and Password parameters into the XML query......

       

      can anyone point me in the right direction....

       

      Thanks

        • 1. Re: XML Query of Protested Database
          user19752

          You can embed them in URL as

          http://username:password@host/fmi/xml/...

          (both parameters need to be url encoded)

           

          If you don't use https, there may be security risk.

          • 2. Re: XML Query of Protested Database
            beverly

            *can* does not equate with *should*. embed of username:password in any URL is a security risk. And even some browsers and apps have begun to block this practice (they won't work).

             

            If you have a closed system, perhaps, ok embed away.

             

            OP doesn't specify what's getting the results, but perhaps it's time to work on authentication and then query rather than embed?

             

            beverly

            • 3. Re: XML Query of Protested Database
              mbenseman

              Thanks user and Beverley

               

              I am have tried user's approach and it works fine. 

               

              In response to beverley, I am using this to download data from the database to an app.  The system is "closed" in as much as the url is embebded in the app's script.

               

              I don't want it to go through a manual authentication process (although the username and password may be entered as variables by the user of the app) as it is part of script that updates a table of data.  Its a one way process....pulls data from FMS to populate table in mobile app.

               

              Anyway long response...but short answer is I am happy with the help you have both given.