
Security considerations in SPARQL Update

From: Paul Gearon <gearon@ieee.org>
Date: Fri, 8 Jan 2010 11:41:00 -0500
Message-ID: <a25ac1f1001080841l68fa8e1cg200e03c657753acd@mail.gmail.com>
To: SPARQL Working Group <public-rdf-dawg@w3.org>

Hi Everyone,

SPARQL 1.1 Query mentions a few security issues in the section "18
Security Considerations (Informative)":
  http://www.w3.org/2009/sparql/docs/query-1.1/rq25.xml#security

SPARQL 1.1 Update needs to have a similar section (it's mostly empty
at the moment), but it will need to have more detail than SPARQL 1.1
Query, given that these operations are deliberately transformative.
This opens up an implementation to things like injection attacks, plus
other problems that SQL faces that I'm sure I've never even heard of.
I'd like to point out some of the obvious things, but I think we
should be careful not to over-proscribe, since we can't know
everything that may come along, and individual implementations may
have their own issues.

Does anyone have suggestions on what I should mention here?

Regards,
Paul Gearon
Received on Friday, 8 January 2010 16:41:32 GMT
