Angelo Veltens wrote:
> Hi all,
>
> my name is Angelo Veltens, I'm studying computer science in Germany. I
> am using the Jena framework with SDB for a student research project.
>
> I'm just wondering how to prevent SPARQL injections. It seems to me,
> that I have to build my queries from plain strings and do the sanitizing
> on my own. Isn't there something like prepared statements as in
> SQL/JDBC? This would be less risky.
>
> Kind regards,
> Angelo Veltens

The server should have the ability to control who can do what with SPARQL. If you put SPARQL endpoints behind FOAF+SSL (for instance) and also use ACLs at the Graph IRI level, the vulnerability is blocked (bar stealing your machine and getting locating your private key).

--
Regards,

Kingsley Idehen
President & CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen

Received on Monday, 29 March 2010 18:17:16 UTC
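As an added example (not part of the thread, and not code from either poster): the prepared-statement style asked about above, shown beside string concatenation, using `ParameterizedSparqlString` from current Apache Jena releases (`org.apache.jena` packages, which may differ from the Jena version in use when this thread was written). The class name, the `http://example.org/` namespace, the `ex:public` property, the sample data and the input string are all constructed for illustration.

```java
import org.apache.jena.query.ParameterizedSparqlString;
import org.apache.jena.query.Query;
import org.apache.jena.query.QueryExecution;
import org.apache.jena.query.QueryExecutionFactory;
import org.apache.jena.query.QueryFactory;
import org.apache.jena.query.ResultSet;
import org.apache.jena.rdf.model.Model;
import org.apache.jena.rdf.model.ModelFactory;
import org.apache.jena.rdf.model.Property;

public class SparqlParamDemo {
    static final String FOAF = "http://xmlns.com/foaf/0.1/";
    static final String EX = "http://example.org/"; // constructed namespace

    // Run a SELECT query against the model and return the number of rows.
    static int count(Query q, Model m) {
        try (QueryExecution qe = QueryExecutionFactory.create(q, m)) {
            ResultSet rs = qe.execSelect();
            int n = 0;
            while (rs.hasNext()) { rs.next(); n++; }
            return n;
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: Alice is marked public, Bob is not.
        Model m = ModelFactory.createDefaultModel();
        Property name = m.createProperty(FOAF, "name");
        Property pub = m.createProperty(EX, "public");
        m.createResource(EX + "alice").addProperty(name, "Alice").addLiteral(pub, true);
        m.createResource(EX + "bob").addProperty(name, "Bob").addLiteral(pub, false);

        // Constructed hostile input: ends the literal and the group pattern,
        // then turns the rest of the query line into a SPARQL comment.
        String input = "Bob\" } #";

        // Before: the value is pasted into the query text, so it can change
        // the query's structure and drop the ex:public restriction.
        String concat = "PREFIX foaf: <" + FOAF + "> PREFIX ex: <" + EX + "> "
            + "SELECT ?s WHERE { ?s foaf:name \"" + input + "\" . ?s ex:public true }";
        System.out.println("concatenated rows:  " + count(QueryFactory.create(concat), m));

        // After: the value is bound to ?name and rendered as one escaped
        // literal, so the ex:public restriction stays part of the query.
        ParameterizedSparqlString pss = new ParameterizedSparqlString(
            "SELECT ?s WHERE { ?s foaf:name ?name . ?s ex:public true }");
        pss.setNsPrefix("foaf", FOAF);
        pss.setNsPrefix("ex", EX);
        pss.setLiteral("name", input);
        System.out.println("parameterized rows: " + count(pss.asQuery(), m));
    }
}
```

`ParameterizedSparqlString` substitutes values at the text level, so it works as one layer alongside the endpoint access control and graph-level ACLs described in the reply, not as a replacement for them.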
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:20:58 UTC