
Re: Preventing SPARQL injection

From: Rob Vesse <rav08r@ecs.soton.ac.uk>
Date: Mon, 29 Mar 2010 15:53:51 +0100
To: "'Linked Data community'" <public-lod@w3.org>
Cc: <jena-dev@yahoogroups.com>
Message-ID: <EMEW3|8773171f7f044e293e5242ba2df55f85m2SFsJ06rav08r|ecs.soton.ac.uk|00fb01cacf4f$a5306a20$ef913e60$@soton.ac.uk>
Forgot to cc to list and to jena-dev

-----Original Message-----
From: Rob Vesse [mailto:rav08r@ecs.soton.ac.uk] 
Sent: 29 March 2010 15:53
To: 'Angelo Veltens'
Subject: RE: Preventing SPARQL injection

The following may be of interest to you:

http://www.slideshare.net/Morelab/sparqlrdqlsparul-injection

They proposed a patch to Jena but I don't know whether it ever got
incorporated into the codebase.

Rob

-----Original Message-----
From: public-lod-request@w3.org [mailto:public-lod-request@w3.org] On Behalf
Of Angelo Veltens
Sent: 27 March 2010 12:11
To: public-lod@w3.org
Subject: Preventing SPARQL injection

Hi all,

My name is Angelo Veltens; I'm studying computer science in Germany. I
am using the Jena framework with SDB for a student research project.

I'm just wondering how to prevent SPARQL injections. It seems to me
that I have to build my queries from plain strings and do the sanitizing
on my own. Isn't there something like prepared statements as in
SQL/JDBC? This would be less risky.

Kind regards,
Angelo Veltens
Received on Monday, 29 March 2010 14:54:48 UTC
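The question in the thread is whether Jena offers anything like JDBC prepared statements. The following is an added example, not code from either poster or from the Jena project, showing the two parameterization mechanisms Jena actually provides next to the string-concatenation pattern the question describes. It assumes a Jena 3.x or later classpath (the `org.apache.jena` package names), so it postdates the thread: `ParameterizedSparqlString` was added to ARQ after 2010, while the initial-binding overload of `QueryExecutionFactory.create` is the older mechanism. The class name, the example.org resources and the "user input" string are constructed for this demonstration.

```java
import org.apache.jena.query.ParameterizedSparqlString;
import org.apache.jena.query.Query;
import org.apache.jena.query.QueryExecution;
import org.apache.jena.query.QueryExecutionFactory;
import org.apache.jena.query.QueryFactory;
import org.apache.jena.query.QueryParseException;
import org.apache.jena.query.QuerySolutionMap;
import org.apache.jena.query.ResultSet;
import org.apache.jena.rdf.model.Model;
import org.apache.jena.rdf.model.ModelFactory;
import org.apache.jena.rdf.model.Property;
import org.apache.jena.rdf.model.ResourceFactory;

/** Hypothetical class written for this example; it is not part of Jena. */
public class SparqlParamDemo {

    static final String FOAF_NAME = "http://xmlns.com/foaf/0.1/name";
    static final Property NAME = ResourceFactory.createProperty(FOAF_NAME);
    static final String TEMPLATE =
        "SELECT ?person WHERE { ?person <" + FOAF_NAME + "> ?name }";

    // Constructed in-memory data: two people, one with a double quote in the name.
    static Model sampleModel() {
        Model m = ModelFactory.createDefaultModel();
        m.createResource("http://example.org/alice").addProperty(NAME, "Alice");
        m.createResource("http://example.org/bob").addProperty(NAME, "Bob \"the builder\"");
        return m;
    }

    // UNSAFE: the raw value is spliced into the query text, so any quote or
    // SPARQL syntax inside it changes the shape of the query. This is the
    // pattern the question describes and the source of the injection risk.
    static String unsafeQueryText(String name) {
        return "SELECT ?person WHERE { ?person <" + FOAF_NAME + "> \"" + name + "\" }";
    }

    // SAFE, option 1: ParameterizedSparqlString serialises the value as an
    // escaped RDF literal before parsing, so the input can only ever be data.
    static Query parameterizedQuery(String name) {
        ParameterizedSparqlString pss = new ParameterizedSparqlString();
        pss.setCommandText(TEMPLATE);
        pss.setLiteral("name", name);
        return pss.asQuery(); // throws QueryParseException if the result is not a valid query
    }

    // SAFE, option 2: leave ?name as a variable in the parsed query and bind it
    // at execution time (initial binding); the value never touches query text.
    static QueryExecution boundExecution(Model m, String name) {
        Query q = QueryFactory.create(TEMPLATE);
        QuerySolutionMap initial = new QuerySolutionMap();
        initial.add("name", ResourceFactory.createPlainLiteral(name));
        return QueryExecutionFactory.create(q, m, initial);
    }

    // Counts result rows and always closes the execution.
    static int countResults(QueryExecution qe) {
        int n = 0;
        try {
            ResultSet rs = qe.execSelect();
            while (rs.hasNext()) {
                rs.next();
                n++;
            }
        } finally {
            qe.close();
        }
        return n;
    }

    public static void main(String[] args) {
        Model m = sampleModel();
        String input = "Bob \"the builder\""; // constructed "user input" containing a quote

        // 1. Concatenation: the embedded quote terminates the literal early and the
        //    text no longer parses as the query the developer intended.
        try {
            QueryFactory.create(unsafeQueryText(input));
            System.out.println("unsafe query parsed (unexpected)");
        } catch (QueryParseException e) {
            System.out.println("unsafe query failed to parse: " + e.getMessage());
        }

        // 2. ParameterizedSparqlString: the quote is escaped inside the literal and
        //    the query still matches exactly one person.
        Query safe = parameterizedQuery(input);
        System.out.println(safe);
        System.out.println("matches via ParameterizedSparqlString: "
            + countResults(QueryExecutionFactory.create(safe, m)));

        // 3. Initial binding: same single match, with no string handling at all.
        System.out.println("matches via initial binding: "
            + countResults(boundExecution(m, input)));
    }
}
```

Of the two safe forms, initial binding is the closer analogue to a JDBC prepared statement because the query is parsed once and the value is supplied as an RDF node rather than as text; `ParameterizedSparqlString` is more flexible (it can also substitute IRIs and be used for SPARQL Update) but still produces query text, so it should be paired with `asQuery()` rather than passed on as a string.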
