
Re: Security Concerns section added to Query_by_reference

From: Steve Harris <steve.harris@garlik.com>
Date: Thu, 26 Mar 2009 10:48:23 +0000
Message-Id: <536B351F-95F5-40B8-8D59-05835348991D@garlik.com>
To: SPARQL Working Group <public-rdf-dawg@w3.org>

On 26 Mar 2009, at 09:38, Seaborne, Andy wrote:
>> -----Original Message-----
>> From: public-rdf-dawg-request@w3.org [mailto:public-rdf-dawg-request@w3.org]
>> On Behalf Of Steve Harris
>> Sent: 25 March 2009 21:30
>> To: SPARQL Working Group
>> Subject: Re: Security Concerns section added to Query_by_reference
>> On 25 Mar 2009, at 15:30, Seaborne, Andy wrote:
>>> A practice-and-experience note.
>>> Queries that use FROM/FROM NAMED also cause servers to load data
>>> from a remote reference and have the same serious issues.
>> There is a difference. The wording of FROM (8.2 Specifying RDF
>> Datasets) is (deliberately IIRC) quite vague, and it doesn't
>> explicitly require you to go and dereference a URI. For example we
>> had a store that uses FROM NAMED to choose the, already loaded, graphs
>> that will be used to answer the query, and that's legitimate from my
>> reading of the spec.
>> - Steve
> The same could also be true (at least, I was assuming that it would  
> be true).  A reference to a query (a reference to a representation  
> of a query) is no different to a reference to a representation of a  
> graph, which is what 8.2.1 and 8.2.2 talk about.
> So just because a query is referenced, it does not mean it must be  
> read. The query may be available locally to the server.  It might  
> even already have a query plan.

Fair point, but I still think there's a difference in expectations,
from the feature description and docs at the hosting site. It could be
worded differently, but there seemed to be a clear expectation of a
live dereference of the URI from the author.

- Steve

Steve Harris
Garlik Limited, 2 Sheen Road, Richmond, TW9 1AE, UK
+44(0)20 8973 2465  http://www.garlik.com/
Registered in England and Wales 535 7233 VAT # 849 0517 11
Registered office: Thames House, Portsmouth Road, Esher, Surrey, KT10  
Received on Thursday, 26 March 2009 10:49:00 UTC
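
The store behaviour described in the thread, where FROM / FROM NAMED select among already-loaded graphs instead of dereferencing the IRI, sketched as an added example (not code from the thread or from any store). The graph registry, the `resolve_dataset` name and the reject-on-unknown policy are assumptions.

```python
import re

# Constructed sample: graphs the store has already loaded, keyed by IRI.
LOADED_GRAPHS = {
    "http://example.org/graphs/people": "people-graph",
    "http://example.org/graphs/orgs": "orgs-graph",
}

# Matches FROM <iri> and FROM NAMED <iri> dataset clauses.
# Simplification: a real implementation would take these from the SPARQL
# parser, since a regex also matches FROM <...> inside literals or comments
# (which here only makes the check stricter, never looser).
_DATASET_CLAUSE = re.compile(r"\bFROM\s+(NAMED\s+)?<([^<>\s]+)>", re.IGNORECASE)


class UnknownGraph(Exception):
    """Raised when a query names a graph the store has not preloaded."""


def resolve_dataset(query, loaded=LOADED_GRAPHS):
    """Map FROM / FROM NAMED IRIs to preloaded graphs without any fetch.

    Returns (default_graphs, named_graphs). The IRI is treated purely as a
    lookup key, so the query text cannot make the server open a connection.
    """
    default, named = [], {}
    for is_named, iri in _DATASET_CLAUSE.findall(query):
        if iri not in loaded:
            # Assumed policy: reject rather than dereference the IRI.
            raise UnknownGraph(iri)
        if is_named:
            named[iri] = loaded[iri]
        else:
            default.append(loaded[iri])
    return default, named
```
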
