- From: Gregory Williams <greg@evilfunhouse.com>
- Date: Tue, 7 Apr 2009 09:35:56 -0400
- To: Steve Harris <steve.harris@garlik.com>
- Cc: RDF Data Access Working Group <public-rdf-dawg@w3.org>
On Apr 7, 2009, at 8:01 AM, Steve Harris wrote: > OK, here's one example: > > Imagine a corporate system, inside a firewall, hosting a number of > services, and a SPARQL endpoint. There's a hole/bridge through the > firewall to allow outside people to connect to the SPARQL store and > issue approved queries by reference. > > The systems inside the firewall are all in secure.example, eg. > sparql.secure.example, and services1.secure.example. > > The SPARQL store is configured to only accept references from > services1.secure.example, a machine that uses SPARQL to provide > services. > > An attacker issues a request like ?query-ref=http://services1.secure.example/service/delete-all > > As far as the SPARQL endpoint is concerned, that's legitimate, so it > might reasonably try and dereference that URI (which is obviously a > bad idea to a human). I'm still not getting how this is different from using a "FROM <http://services1.secure.example/service/delete-all >" clause in the SPARQL query? The underlying problem here seems to me to be the existence of a HTTP GET operation that is deleting data, and which could be triggered by a FROM clause, a query-ref URI, or even a malicious webpage loaded from inside the firewall. Surely any security measures you take with regard to FROM clauses can be applied to query-ref URIs? .greg
Received on Tuesday, 7 April 2009 13:36:43 UTC