Can anybody tell me something generally about Tamino security (how can I protect databases, system,…)
For authentication Tamino supports the following modes:
In this mode, Tamino receives the userid from the web server module and relies on the web server to authenticate the user. If this mode is set and the web server is not configured to perform authentication, a blank userid will be used in Tamino which will be assigned to the permissions of the default group. If a request is authenticated successfully and passed to Tamino, the userid (and the domain) specified in the HTTP basic authentication scheme is used.
This is the default mode that is set when a new database is created.
This mode specifies that authentication is performed directly by Tamino. All requests sent to Tamino are authenticated against the users known to Tamino. These users are either stored directly in Tamino in the collection ino:security> or are stored in an external authentication service which Tamino can query. Each request sent to Tamino must include a userid and a password: if these are not provided or if authentication fails, Tamino will return an HTTP response code 401.
In this mode, Tamino will use the userid provided for authorization, but it will not be authenticated. The userid can be sent in either the HTTP basic authentication header field or in the special header field X-INO-Authorization.
For authorization, Tamino provides an authorization check to grant or deny access to XML nodes (elements and attributes) and functions.
Access control is currently available on the structural level, that is, each node can be protected individually, or based on its position in a subtree, rather than based on the content or value of a node.
Furhter information and a complete explanation of the Tamino security can be found in the Tamino documentation.
Thanks for your help!