- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Mon, 29 Mar 2010 14:16:47 -0400
- To: Angelo Veltens <angelo.veltens@online.de>
- CC: "public-lod@w3.org" <public-lod@w3.org>
Angelo Veltens wrote:
> Hi all,
>
> my name is Angelo Veltens, I'm studying computer science in Germany. I
> am using the Jena framework with SDB for a student research project.
>
> I'm just wondering how to prevent SPARQL injections. It seems to me
> that I have to build my queries from plain strings and do the sanitizing
> on my own. Isn't there something like prepared statements as in
> SQL/JDBC? This would be less risky.
>
> Kind regards,
> Angelo Veltens

The server should have the ability to control who can do what with SPARQL. If you put SPARQL endpoints behind FOAF+SSL (for instance) and also use ACLs at the Graph IRI level, the vulnerability is blocked (bar stealing your machine and locating your private key).

--
Regards,

Kingsley Idehen
President & CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
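As an added illustration of the two approaches Angelo contrasts (not part of this thread, and not OpenLink's or the Jena project's own code), the snippet below places a query built by string concatenation beside one built with Jena's ParameterizedSparqlString, a class that appeared in later Apache Jena releases than the one in use when this message was written; the foaf:name lookup and the input value are constructed for the example.

```java
import org.apache.jena.query.ParameterizedSparqlString;
import org.apache.jena.query.Query;
import org.apache.jena.query.QueryFactory;
import org.apache.jena.query.QueryParseException;

public class SparqlParamExample {

    // The pattern Angelo describes: the query is assembled from plain strings,
    // so any quote, brace or dot inside 'name' becomes part of the query text.
    static String unsafeQuery(String name) {
        return "PREFIX foaf: <http://xmlns.com/foaf/0.1/>\n"
             + "SELECT ?person WHERE { ?person foaf:name \"" + name + "\" }";
    }

    // The prepared-statement style: the value is bound as an RDF literal and
    // escaped by Jena, so it can only ever be data, never query structure.
    static Query safeQuery(String name) {
        ParameterizedSparqlString pss = new ParameterizedSparqlString();
        pss.setCommandText("PREFIX foaf: <http://xmlns.com/foaf/0.1/>\n"
                         + "SELECT ?person WHERE { ?person foaf:name ?name }");
        pss.setLiteral("name", name);
        return pss.asQuery();   // parses the bound query; throws if malformed
    }

    public static void main(String[] args) {
        String input = "O\"Neil";   // constructed input containing a double quote

        // Concatenation: the quote terminates the literal early and the
        // remainder is interpreted as query syntax (here it fails to parse).
        try {
            QueryFactory.create(unsafeQuery(input));
            System.out.println("unsafe: parsed, structure depended on the input");
        } catch (QueryParseException e) {
            System.out.println("unsafe: parse error, the input altered the query");
        }

        // Parameter binding: the quote is escaped inside the literal.
        System.out.println("safe:\n" + safeQuery(input));
    }
}
```

Binding covers the injection side of the question; the server-side access control described in the reply above is a separate, complementary layer.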
Received on Monday, 29 March 2010 18:17:16 UTC