- From: Steve Harris <steve.harris@garlik.com>
- Date: Thu, 16 Apr 2009 22:50:17 +0100
- To: Kjetil Kjernsmo <Kjetil.Kjernsmo@computas.com>
- Cc: public-rdf-dawg@w3.org
On 16 Apr 2009, at 15:32, Kjetil Kjernsmo wrote:

> On Thursday 16 April 2009 15:04:15 Steve Harris wrote:
>> Well, that was just an example. It doesn't alter the concern that
>> letting external services trigger GET requests from inside a firewall
>> is a bad idea in general.
>
> That's true, but it was a bad example. :-) The main concern, I
> think, is that it makes it harder to configure the infrastructure to
> distinguish an unprivileged external user and a privileged internal user.

Well, it was an example of bad practice, but SPARQL has to exist in the real world.

> We could make it an optional feature, where the server may send a
> 403 if it doesn't support it.

True, that's always an option. But, to be safe, any server that might be deployed in a typical commercial environment, while having its endpoint accessible to external users, would have to default to having this feature disabled. That may not be a particularly common use-case generally, but for us, it is. As semantic web tools move more into general usage I can see it being more common too.

> Then the server admin may decide if they want to accept the risks.

Only if they're aware of it, which will not generally be the case if software shipped with this feature enabled out of the box.

To be perfectly honest, I'm a bit scared that I seem to be the person most concerned about this type of issue. The network security people I've dealt with regard me as dangerously blasé about this sort of thing. Given that we're trying to write some recs that deal with network requests it would be good if there was someone in this WG who had a good understanding of the security consequences of decisions which might seem reasonable to us.

- Steve

--
Steve Harris
Garlik Limited, 2 Sheen Road, Richmond, TW9 1AE, UK
+44(0)20 8973 2465
http://www.garlik.com/
Registered in England and Wales 535 7233 VAT # 849 0517 11
Registered office: Thames House, Portsmouth Road, Esher, Surrey, KT10 9AD
Received on Thursday, 16 April 2009 21:50:53 UTC
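The default-off behaviour argued for above (feature disabled unless an operator enables it, 403 when a query needs it, and no server-side GETs to addresses inside the firewall even when it is on), sketched as an added example that is not code from any SPARQL server or from anyone in the thread. The `RemoteGraphPolicy` class, the allow list, the `resolve` hook and the assumption that dereferencing graph URIs in FROM / FROM NAMED clauses is the feature at issue are all assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Constructed pattern for graph URIs in FROM / FROM NAMED clauses; assumption:
# dereferencing those is the feature that makes the server issue GETs.
_FROM_RE = re.compile(r"\bFROM\s+(?:NAMED\s+)?<([^>]+)>", re.IGNORECASE)


class RemoteGraphPolicy:
    """Hypothetical gate for remote graph loading: off by default, 403 when a
    query needs it, and even when enabled no GETs to non-public addresses."""

    def __init__(self, enabled=False, allowed_hosts=None):
        self.enabled = enabled                          # shipped default: off
        self.allowed_hosts = set(allowed_hosts or [])   # empty = any public host

    def check(self, uri, resolved_ip):
        """Decide whether the server may GET `uri`; returns (allowed, status, reason).

        `resolved_ip` is the address the fetcher would actually connect to, so
        a public-looking hostname that resolves inside the firewall is refused.
        """
        if not self.enabled:
            return False, 403, "remote graph loading is disabled"
        parsed = urlparse(uri)
        if parsed.scheme not in ("http", "https"):
            return False, 403, "scheme not permitted"
        host = parsed.hostname or ""
        if self.allowed_hosts and host not in self.allowed_hosts:
            return False, 403, "host not in allow list"
        if not ipaddress.ip_address(resolved_ip).is_global:
            return False, 403, "resolves to a non-public address"
        return True, 200, "ok"

    def screen_query(self, query, resolve):
        """Apply `check` to every graph URI in `query`; `resolve` maps a
        hostname to an IP string (a real server would use its DNS client).
        Returns the first refusal, or (True, 200, "ok")."""
        for uri in _FROM_RE.findall(query):
            verdict = self.check(uri, resolve(urlparse(uri).hostname or ""))
            if not verdict[0]:
                return verdict
        return True, 200, "ok"
```

A query with no graph URIs passes even under the default policy, since nothing would be fetched; the 403 is only raised when a query actually asks the server to go and GET something.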