- From: Rob Vesse <rav08r@ecs.soton.ac.uk>
- Date: Mon, 29 Mar 2010 15:53:51 +0100
- To: "'Linked Data community'" <public-lod@w3.org>
- Cc: <jena-dev@yahoogroups.com>
Forgot to cc to list and to jena-dev

-----Original Message-----
From: Rob Vesse [mailto:rav08r@ecs.soton.ac.uk]
Sent: 29 March 2010 15:53
To: 'Angelo Veltens'
Subject: RE: Preventing SPARQL injection

The following may be of interest to you:

http://www.slideshare.net/Morelab/sparqlrdqlsparul-injection

They proposed a patch to Jena but I don't know whether it ever got incorporated into the codebase.

Rob

-----Original Message-----
From: public-lod-request@w3.org [mailto:public-lod-request@w3.org] On Behalf Of Angelo Veltens
Sent: 27 March 2010 12:11
To: public-lod@w3.org
Subject: Preventing SPARQL injection

Hi all,

My name is Angelo Veltens, I'm studying computer science in Germany. I am using the Jena framework with SDB for a student research project. I'm just wondering how to prevent SPARQL injections. It seems to me that I have to build my queries from plain strings and do the sanitizing on my own. Isn't there something like prepared statements as in SQL/JDBC? This would be less risky.

Kind regards,
Angelo Veltens
Received on Monday, 29 March 2010 14:54:48 UTC
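
The contrast the question draws between string-built queries and prepared statements, as an added example that is not part of the original thread: it uses ParameterizedSparqlString from current Apache Jena (an API the thread does not mention) and assumes Jena 3 or later on the classpath. The class name, the example.org resources and the input string are constructed for illustration.

```java
import org.apache.jena.query.ParameterizedSparqlString;
import org.apache.jena.query.QueryExecution;
import org.apache.jena.query.QueryExecutionFactory;
import org.apache.jena.query.ResultSet;
import org.apache.jena.rdf.model.Model;
import org.apache.jena.rdf.model.ModelFactory;
import org.apache.jena.rdf.model.Property;

public class SparqlBindingDemo {
    static final String FOAF_NAME = "http://xmlns.com/foaf/0.1/name";

    // Vulnerable form: the user-supplied value becomes part of the query text,
    // so a double quote in it ends the literal and the rest is parsed as SPARQL.
    static String concatenated(String name) {
        return "SELECT ?s WHERE { ?s <" + FOAF_NAME + "> ?n . FILTER(?n = \"" + name + "\") }";
    }

    // Hardened form: the value is bound to ?name as an RDF literal and is
    // serialized with escaping, so it cannot change the query structure.
    static String parameterized(String name) {
        ParameterizedSparqlString pss = new ParameterizedSparqlString(
            "SELECT ?s WHERE { ?s <" + FOAF_NAME + "> ?n . FILTER(?n = ?name) }");
        pss.setLiteral("name", name);
        return pss.toString();
    }

    // Runs a SELECT query against the in-memory model and counts result rows.
    static int countRows(Model model, String queryText) {
        try (QueryExecution qe = QueryExecutionFactory.create(queryText, model)) {
            ResultSet rs = qe.execSelect();
            int n = 0;
            while (rs.hasNext()) { rs.next(); n++; }
            return n;
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: two resources with foaf:name values.
        Model model = ModelFactory.createDefaultModel();
        Property name = model.createProperty(FOAF_NAME);
        model.createResource("http://example.org/alice").addProperty(name, "Alice");
        model.createResource("http://example.org/bob").addProperty(name, "Bob");

        // Constructed input that matches no stored name when treated as data.
        String input = "x\" || \"1\" = \"1";
        for (String q : new String[] { concatenated(input), parameterized(input) }) {
            System.out.println(q);
            System.out.println("rows: " + countRows(model, q));
        }
    }
}
```

The first query's FILTER gains an always-true branch and matches every named resource; the second compares ?n against the whole input as a single escaped literal and matches none.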