marklogic public facing authentication

Question

We have a marklogic instance deployed behind a .net application that effectively provides a basic security and authentication on incoming requests.

We are wondering about exposing marklogic directly to client applications - which are run in public facing web applications which require a basic user login - so removing the proxy layer and our home rolled security and leveraging mark logic's in-built security or implementing something in xquery for example .

Does anyone have experience with this approach and advice on whether marklogic is best run behind a proxy etc. ?

As .net / sql developers, we see this as equivalent to exposing say a SQL database directly to the web.....

any advice appreciated.

thanks

Answer 1

In addition to mblakele's answer, I'd like to add that you should take into account that MarkLogic has its own Application Servers. It is very common for databases with such app servers to be facing the public. With Oracle you could use Oracle Application Express for such purposes..

HTH!

Answer 2

You can certainly expose MarkLogic directly to users: http://markmail.org is one example and http://developer.marklogic.com is another. Both incorporate authentication. I believe both use a reverse-proxy to handle certain concerns: caching static resources, path rewriting. But in principle no proxy is necessary.

This is a fairly broad topic, though, so I think it may run afoul of the stackoverflow guidelines. Can you ask a specific question that would have a fairly close-ended answer?