- From: Wes Turner <wes.turner@gmail.com>
- Date: Wed, 2 Oct 2013 20:34:11 +0000
- To: public-rdfjs@w3.org
http://www.reddit.com/r/semanticweb/comments/1e3fq0/whats_the_best_way_to_parameterize_sparql_queries/

The gist: as a tokenized query protocol, it is not 'safe' to build SPARQL queries by concatenating strings which may contain user-supplied input.

In SQL, this is called "SQL Injection":

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
http://cwe.mitre.org/top25/#CWE-89

It may be tempting to suggest that this is not an issue for read-only SPARQL [...]

----------
This post sent on RDF JavaScript Libraries Community Group

"What's the best way to parameterize SPARQL queries?"
http://www.w3.org/community/rdfjs/2013/10/02/whats-the-best-way-to-parameterize-sparql-queries/

Learn more about the RDF JavaScript Libraries Community Group:
http://www.w3.org/community/rdfjs
Received on Wednesday, 2 October 2013 20:34:14 UTC
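The following is an added example, not part of Wes Turner's post and not code from any RDF JS library: a SPARQL query built by string concatenation beside a version that neutralizes the user-supplied value before it reaches the query text. It illustrates the point that a read-only SELECT endpoint is still injectable, since a tautology payload (the SPARQL counterpart of SQL's `' OR 1=1 --`) turns a lookup for one name into a dump of every matching subject. The function names (buildNaive, buildSafe, escapeLiteral, assertIri), the FOAF predicate and the payload string are assumptions chosen for the illustration.

```javascript
// Added example (not from the original post or from any RDF JS library).
// Names below are assumptions chosen for this illustration.
const FOAF_NAME = 'http://xmlns.com/foaf/0.1/name';

// Vulnerable: the caller's string is pasted into the query unchanged.
function buildNaive(name) {
  return `SELECT ?p WHERE { ?p <${FOAF_NAME}> ?n . FILTER(?n = "${name}") }`;
}

// Escape a JavaScript string for use inside a double-quoted SPARQL literal.
// SPARQL 1.1 grammar, ECHAR: \t \b \n \r \f \" \' \\ are the only escapes,
// so these eight characters are the only ones that need rewriting.
const ECHAR = {
  '\\': '\\\\', '"': '\\"', "'": "\\'", '\n': '\\n', '\r': '\\r',
  '\t': '\\t', '\b': '\\b', '\f': '\\f',
};
function escapeLiteral(value) {
  return String(value).replace(/[\\"'\n\r\t\b\f]/g, (c) => ECHAR[c]);
}

// Validate a value that will be placed between < and >. IRIREF excludes
// <>"{}|^`\ and whitespace/control characters, so a value that passes
// cannot close the IRI early. Restricting to http(s) is a policy choice
// for this example, not a grammar requirement.
function assertIri(value) {
  const s = String(value);
  if (!/^https?:\/\/[^<>"{}|^`\\\u0000-\u0020]+$/.test(s)) {
    throw new Error(`rejected IRI: ${JSON.stringify(s)}`);
  }
  return s;
}

// Hardened: the literal is escaped and the predicate IRI is validated.
function buildSafe(name, predicate = FOAF_NAME) {
  return `SELECT ?p WHERE { ?p <${assertIri(predicate)}> ?n . ` +
         `FILTER(?n = "${escapeLiteral(name)}") }`;
}

// Constructed payload: closes the literal, ORs in `true` (= binds tighter
// than || in SPARQL), closes FILTER and the group, then comments out the
// remainder of the query with `#`. Against buildNaive the endpoint returns
// every ?p that has a name, not the one that was asked for.
const PAYLOAD = 'x" || true) } #';

// True when the finished query text still carries the payload's `"` as
// query syntax (an unescaped quote followed by the injected operator),
// i.e. when the builder let the input change the query structure.
function payloadIsLiveSyntax(query) {
  return /[^\\]" \|\| true\)/.test(query);
}

function demo() {
  const naive = buildNaive(PAYLOAD);
  const safe = buildSafe(PAYLOAD);
  console.log('naive:', naive);
  console.log('safe :', safe);
  return {
    naiveInjected: payloadIsLiveSyntax(naive),
    safeInjected: payloadIsLiveSyntax(safe),
  };
}

demo();
```

Escaping the literal is what a parameterized SPARQL builder has to do for each placeholder type, because the SPARQL Protocol has no separate channel for bind values the way SQL drivers do; the other common option is to keep user values out of the query text entirely by passing them through a VALUES block that the same escaping rules still apply to.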