How can we securely store and display user images on a form?

How can we securely store and display user images on a form?

mfpaschal
Hi Folks,

We have an app where users can personalize certain parts of the display. This includes letting them add html that we will render for them.

So, for example, a user might include an <img in their html:
<img class="yui-img" src="https://our-website.com/exist/rest/db/images/user-name/some.gif"/>  

What we have done so far is to store these images in the exist database.

However, the only way we could get this to work was to allow world access to the .gif (not real secure of course) or to have them embed the user name and password in the URL (also not real secure).

Is there a way to do this in a more secure way?

Any help most welcomed!

Thanks,
Mike. 



--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: mailto:[hidden email]
For general help: mailto:[hidden email]?subject=help
OW2 mailing lists service home page: http://www.ow2.org/wws
Re: How can we securely store and display user images on a form?

Erik Bruchez
Administrator
Mike,

If you use xforms:output with an image mediatype, and the value of the
output points to a URL in your eXist database, Orbeon Forms will act
as a proxy and require a valid session. I am thinking that this could
help.

The trick would then be for you to replace the img elements with
xforms:output elements.

Then you would of course fully secure eXist from access by the outside
world, while letting the Orbeon app access eXist.

-Erik

On Tue, May 24, 2011 at 1:53 PM,  <[hidden email]> wrote:

> Hi Folks,
> We have an app where users can personalize certain parts of the display.
> This includes letting them add html that we will render for them.
> So, for example, a user might include an <img in their html:
> <img class="yui-img"
> src="https://our-website.com/exist/rest/db/images/user-name/some.gif"/>
> What we have done so far is to store these images in the exist database.
> However, the only way we could get this to work was to allow world access to
> the .gif (not real secure of course) or to have them embed the user name and
> password in the URL (also not real secure).
> Is there a way to do this in a more secure way?
> Any help most welcomed!
> Thanks,
> Mike.


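The replacement described in the reply above, as an added example that is not part of the thread and not Orbeon's own code: an XSLT 2.0 stylesheet that rewrites img elements pointing at the image collection into xforms:output elements. The internal eXist address, the parameter names and the XHTML namespace on the user markup are assumptions.

```xml
<!-- Added example. Assumptions: user markup is well-formed XHTML, eXist is
     reachable only from the Orbeon host at the constructed internal address
     below, and user images live under /db/images/. -->
<xsl:stylesheet version="2.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:xhtml="http://www.w3.org/1999/xhtml"
    xmlns:xforms="http://www.w3.org/2002/xforms">

  <!-- Prefix users put in their markup (from the thread) -->
  <xsl:param name="public-prefix"
      select="'https://our-website.com/exist/rest/db/images/'"/>
  <!-- Prefix the Orbeon server fetches from (constructed value) -->
  <xsl:param name="internal-prefix"
      select="'http://localhost:8080/exist/rest/db/images/'"/>

  <!-- Identity template: copy everything that is not rewritten below -->
  <xsl:template match="@*|node()">
    <xsl:copy>
      <xsl:apply-templates select="@*|node()"/>
    </xsl:copy>
  </xsl:template>

  <!-- Rewrite only images inside the image collection. The src is placed
       inside an XPath string literal, so a src containing a single quote
       or a parent-directory step is left untouched rather than rewritten. -->
  <xsl:template match="xhtml:img[starts-with(@src, $public-prefix)
                                 and not(contains(@src, '..'))
                                 and not(contains(@src, &quot;'&quot;))]">
    <xforms:output mediatype="image/*"
        value="'{concat($internal-prefix,
                        substring-after(@src, $public-prefix))}'"/>
  </xsl:template>

</xsl:stylesheet>
```

With eXist closed to outside traffic, any img left unchanged by the stylesheet will no longer load, which makes skipped images easy to spot.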