
Fwd: Preventing SPARQL injection

From: Davide Palmisano <dpalmisano@gmail.com>
Date: Mon, 29 Mar 2010 17:08:48 +0200
Message-ID: <4bc92c131003290808s3d854770od8cbbf1eb2939fa@mail.gmail.com>
To: Linked Data community <public-lod@w3.org>
Apologies, forgot to cc public-lod

---------- Forwarded message ----------
From: Davide Palmisano <dpalmisano@gmail.com>
Date: Mon, Mar 29, 2010 at 4:51 PM
Subject: Re: Preventing SPARQL injection
To: Angelo Veltens <angelo.veltens@online.de>


Hi Angelo,

I'm not sure I understood your problem well. Anyway, it may be worth giving
a look at this: http://clarkparsia.com/weblog/2010/02/03/empire-0-6/

cheers,

Davide

On Sat, Mar 27, 2010 at 1:10 PM, Angelo Veltens
<angelo.veltens@online.de> wrote:
> Hi all,
>
> my name is Angelo Veltens, I'm studying computer science in Germany. I
> am using the Jena framework with SDB for a student research project.
>
> I'm just wondering how to prevent SPARQL injections. It seems to me
> that I have to build my queries from plain strings and do the sanitizing
> on my own. Isn't there something like prepared statements as in
> SQL/JDBC? This would be less risky.
>
> Kind regards,
> Angelo Veltens
>
>
>



--
Davide Palmisano
Technologist at Fondazione Bruno Kessler
http://davidepalmisano.wordpress.com
http://twitter.com/dpalmisano



-- 
Davide Palmisano

http://davidepalmisano.wordpress.com
http://twitter.com/dpalmisano
Received on Monday, 29 March 2010 15:09:42 UTC
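
Added example, not part of the thread and not code from either poster: the "prepared statement" style asked about above, shown with Jena's ParameterizedSparqlString next to the string-built query it replaces. It assumes a current Apache Jena release (org.apache.jena packages) on the classpath; the class name SparqlBindingDemo, the example.org data and the sample input are constructed for illustration.

```java
import org.apache.jena.query.*;
import org.apache.jena.rdf.model.*;

public class SparqlBindingDemo {
    static final String NAME = "http://xmlns.com/foaf/0.1/name";

    // Constructed sample data: two resources with a foaf:name each.
    static Model sampleModel() {
        Model m = ModelFactory.createDefaultModel();
        Property name = m.createProperty(NAME);
        m.createResource("http://example.org/alice").addProperty(name, "Alice");
        m.createResource("http://example.org/bob").addProperty(name, "Bob");
        return m;
    }

    // Risky: the user value becomes part of the query text, so a quote
    // character in it ends the literal and the rest is parsed as SPARQL.
    static Query concatenated(String userInput) {
        return QueryFactory.create(
            "SELECT ?s WHERE { ?s <" + NAME + "> ?n FILTER(?n = \"" + userInput + "\") }");
    }

    // Safer: the query text is fixed and the value is bound to ?name as a
    // literal node; Jena escapes it when it serialises the query.
    static Query parameterized(String userInput) {
        ParameterizedSparqlString pss = new ParameterizedSparqlString(
            "SELECT ?s WHERE { ?s <" + NAME + "> ?n FILTER(?n = ?name) }");
        pss.setLiteral("name", userInput);
        return pss.asQuery();
    }

    // Runs a SELECT against the model and returns the number of rows.
    static int count(Query q, Model m) {
        try (QueryExecution qe = QueryExecutionFactory.create(q, m)) {
            ResultSet rs = qe.execSelect();
            int n = 0;
            while (rs.hasNext()) { rs.next(); n++; }
            return n;
        }
    }

    public static void main(String[] args) {
        Model m = sampleModel();
        // Constructed input that closes the string literal and adds an always-true test.
        String hostile = "x\" || \"1\" = \"1";
        System.out.println("concatenated rows:  " + count(concatenated(hostile), m));
        System.out.println("parameterized rows: " + count(parameterized(hostile), m));
        System.out.println("parameterized, plain name: " + count(parameterized("Alice"), m));
    }
}
```

With the concatenated form the filter is rewritten by the input and matches every name; with the bound form the same input is compared as one literal string. Use setIri rather than setLiteral when the user-supplied value is a resource identifier.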
