mirror of https://gitee.com/bigwinds/arangodb
29 lines
1.2 KiB
Markdown
29 lines
1.2 KiB
Markdown
@startDocuBlock serverAuthenticateSystemOnly
|
|
`--server.authentication-system-only boolean`
|
|
|
|
Controls whether incoming requests need authentication only if they are
|
|
directed to the ArangoDB's internal APIs and features, located at
|
|
*/_api/*,
|
|
*/_admin/* etc.
|
|
|
|
If the flag is set to *true*, then HTTP authentication is only
|
|
required for requests going to URLs starting with */_*, but not for other
|
|
URLs. The flag can thus be used to expose a user-made API without HTTP
|
|
authentication to the outside world, but to prevent the outside world from
|
|
using the ArangoDB API and the admin interface without authentication.
|
|
Note that checking the URL is performed after any database name prefix
|
|
has been removed. That means when the actual URL called is
|
|
*/_db/_system/myapp/myaction*, the URL */myapp/myaction* will be used for
|
|
*authentication-system-only* check.
|
|
|
|
The default is *true*.
|
|
|
|
Note that authentication still needs to be enabled for the server regularly
|
|
in order for HTTP authentication to be forced for the ArangoDB API and the
|
|
web interface. Setting only this flag is not enough.
|
|
|
|
You can control ArangoDB's general authentication feature with the
|
|
*--server.authentication* flag.
|
|
@endDocuBlock
|
|
|