
RE: Security Concerns section added to Query_by_reference

From: Seaborne, Andy <andy.seaborne@hp.com>
Date: Thu, 26 Mar 2009 09:38:58 +0000
To: Steve Harris <steve.harris@garlik.com>, SPARQL Working Group <public-rdf-dawg@w3.org>
Message-ID: <B6CF1054FDC8B845BF93A6645D19BEA3628D9A742E@GVW1118EXC.americas.hpqcorp.net>

> -----Original Message-----
> From: public-rdf-dawg-request@w3.org [mailto:public-rdf-dawg-request@w3.org] On Behalf Of Steve Harris
> Sent: 25 March 2009 21:30
> To: SPARQL Working Group
> Subject: Re: Security Concerns section added to Query_by_reference
> On 25 Mar 2009, at 15:30, Seaborne, Andy wrote:
> > A practice-and-experience note.
> >
> > Queries that use FROM/FROM NAMED also cause servers to load data
> > from a remote reference and have the same serious issues.
> There is a difference. The wording of FROM (8.2 Specifying RDF
> Datasets) is (deliberately IIRC) quite vague, and it doesn't
> explicitly require you to go and dereference a URI. For example we had
> a store that uses FROM NAMED to choose the, already loaded, graphs
> that will be used to answer the query, and that's legitimate from my
> reading of the spec.
> - Steve

The same could also be true (at least, I was assuming that it would be true).  A reference to a query (a reference to a representation of a query) is no different to a reference to a representation of a graph, which is what 8.2.1 and 8.2.2 talk about.

So just because a query is referenced, it does not mean it must be read. The query may be available locally to the server.  It might even already have a query plan.


Received on Thursday, 26 March 2009 09:40:27 UTC
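
The behaviour both messages describe, as an added example that is not part of the original thread or of any store's code: FROM / FROM NAMED IRIs and a query reference are resolved only against what the server already holds, and anything else is refused rather than dereferenced. The registries, IRIs and function names are constructed for illustration, and the regex scan is a simplification of real SPARQL parsing.

```python
import re

# Constructed sample registries: what this server already holds locally.
LOCAL_GRAPHS = {
    "http://example.org/graphs/people": "graph#1",
    "http://example.org/graphs/orgs": "graph#2",
}
LOCAL_QUERIES = {
    "http://example.org/queries/all-people":
        "SELECT ?p FROM <http://example.org/graphs/people> WHERE { ?p ?q ?o }",
}

# FROM <iri> / FROM NAMED <iri> dataset clauses (SPARQL section 8.2).
# Simplified scan: a production server would take these from its SPARQL
# parser; this regex can over-match text inside literals or comments.
DATASET_CLAUSE = re.compile(r"\bFROM\s*(NAMED\s*)?<([^<>\s]*)>", re.IGNORECASE)


class NotHeldLocally(Exception):
    """A reference names something the server has not already loaded."""


def resolve_dataset(query, graphs=LOCAL_GRAPHS):
    """Map each FROM / FROM NAMED IRI to a loaded graph; never dereference."""
    dataset = {"default": [], "named": {}}
    for named, iri in DATASET_CLAUSE.findall(query):
        if iri not in graphs:
            raise NotHeldLocally(iri)  # refuse instead of fetching the IRI
        if named:
            dataset["named"][iri] = graphs[iri]
        else:
            dataset["default"].append(graphs[iri])
    return dataset


def resolve_query_ref(ref, queries=LOCAL_QUERIES, graphs=LOCAL_GRAPHS):
    """Treat a query reference as a key for a stored query, not a URL to read."""
    if ref not in queries:
        raise NotHeldLocally(ref)
    query = queries[ref]
    return query, resolve_dataset(query, graphs)
```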
