
Re: Update security issues

From: Andy Seaborne <andy.seaborne@epimorphics.com>
Date: Tue, 21 Dec 2010 10:41:49 +0000
Message-ID: <4D10846D.1080400@epimorphics.com>
To: Lee Feigenbaum <lee@thefigtrees.net>
CC: Paul Gearon <gearon@ieee.org>, SPARQL Working Group <public-rdf-dawg@w3.org>


On 21/12/10 09:58, Lee Feigenbaum wrote:
>> * Ensure correct escaping of literal strings to avoid injection
>> attacks. This is more of a user issue though a poor parser can
>> exacerbate the problem. Also many stores include a web front end,
>> which may act as a client vulnerable to this problem.
>
> I don't think this one belongs in the update document as it's more of a
> client issue.

There is something to say that if the query service is the same endpoint 
as an update service then injection is possible.

	Andy
Received on Tuesday, 21 December 2010 10:42:31 GMT
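
Added example, not part of the original messages: the literal escaping that the quoted item refers to, sketched in Python with a small scanner that shows where a client-built literal actually ends. The function names, the example.org predicate and the sample input are assumptions constructed for illustration; only the single-character (ECHAR) escapes of the SPARQL grammar are handled.

```python
# Added illustration; all names here are hypothetical, not from any SPARQL library.
_ESCAPES = {"\\": "\\\\", '"': '\\"', "\n": "\\n", "\r": "\\r",
            "\t": "\\t", "\b": "\\b", "\f": "\\f"}
_UNESCAPES = {esc[1]: raw for raw, esc in _ESCAPES.items()}

def sparql_string_literal(value: str) -> str:
    """Return value as a double-quoted SPARQL string literal."""
    return '"' + "".join(_ESCAPES.get(ch, ch) for ch in value) + '"'

def read_literal(text: str, start: int):
    """Scan the double-quoted literal at text[start].

    Returns (decoded value, index just past the closing quote)."""
    if text[start] != '"':
        raise ValueError("no literal at this offset")
    out, i = [], start + 1
    while i < len(text):
        ch = text[i]
        if ch == "\\":
            if i + 1 >= len(text) or text[i + 1] not in _UNESCAPES:
                raise ValueError("bad escape sequence")
            out.append(_UNESCAPES[text[i + 1]])
            i += 2
        elif ch == '"':
            return "".join(out), i + 1
        elif ch in "\n\r":
            raise ValueError("raw line break inside literal")
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated literal")

TEMPLATE = 'SELECT ?s WHERE {{ ?s <http://example.org/name> {lit} }}'

def build_naive(value: str) -> str:
    # String concatenation with no escaping: the pattern the thread warns about.
    return TEMPLATE.format(lit='"' + value + '"')

def build_escaped(value: str) -> str:
    return TEMPLATE.format(lit=sparql_string_literal(value))

def literal_and_rest(query: str):
    """Decode the first literal in query and return (value, text after it)."""
    value, end = read_literal(query, query.index('"'))
    return value, query[end:]

# Constructed sample input containing a quote and a trailing backslash.
SAMPLE = 'Alice" . ?s ?p ?o . # \\'
```

With the escaped builder the whole input stays inside one literal; with the naive builder the literal closes after `Alice` and the remainder of the input is parsed as query syntax.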
