From: Steve Harris <steve.harris@garlik.com>
Date: Fri, 8 May 2009 11:03:40 +0100
Message-Id: <C767002B-E804-4028-BB83-682CD4116446@garlik.com>
To: SPARQL Working Group <public-rdf-dawg@w3.org>
Reflecting on Eric's comment re. my desire for a dialect of SPARQL  
that's safe to be deployed inside DMZs and the like, I think he's  
probably right in that it's necessary to explicitly defang FROM as well.

So, I would like to propose a subset of SPARQL/Query that is mandated  
not to do any network requests in direct response to user input.

I don't care if that bans the FROM keyword, or just redefines it to  
act as a restriction on the (internal) dataset being queried, as I  
believe some SPARQL systems do now.

SPARQL/Immutable is not a serious suggestion for a name, but SPARQL/Safe
or similar seems like it's asking for trouble. SPARQL/Local maybe?


- Steve

Steve Harris
Garlik Limited, 2 Sheen Road, Richmond, TW9 1AE, UK
+44(0)20 8973 2465  http://www.garlik.com/
Registered in England and Wales 535 7233 VAT # 849 0517 11
Registered office: Thames House, Portsmouth Road, Esher, Surrey, KT10  
Received on Friday, 8 May 2009 10:18:29 UTC
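
An added example, not part of the original message and not taken from any SPARQL implementation: a pre-execution gate covering the two options the message describes, either banning FROM outright or restricting FROM / FROM NAMED to an allowlist of internal graph names. The function name `check_local`, the graph IRIs and the sample queries are assumptions made for illustration.

```python
import re

# Lexer for the places where the word FROM is NOT the dataset keyword:
# comments, string literals, <IRIs>, variables, prefixed names, language tags.
_TOKEN = re.compile(r"""
    (?P<skip> \#[^\n]*
      | "{3}(?:[^"\\]|\\.|"{1,2}(?!"))*"{3}
      | '{3}(?:[^'\\]|\\.|'{1,2}(?!'))*'{3}
      | "(?:[^"\\\n]|\\.)*" | '(?:[^'\\\n]|\\.)*' )
  | (?P<iri>  <[^<>"{}|^`\\\s]*> )
  | (?P<word> [?$@]?[A-Za-z_][\w.-]*(?::[\w.-]*)? | :[\w.-]* )
""", re.VERBOSE | re.DOTALL)


def check_local(query, internal_graphs=None):
    """Return (ok, reason) for a query string before it reaches the engine.

    internal_graphs=None bans FROM outright; a set of graph IRIs lets
    FROM / FROM NAMED select only those graphs of the local dataset.
    """
    toks = [m for m in _TOKEN.finditer(query) if m.lastgroup != "skip"]
    for i, m in enumerate(toks):
        if m.lastgroup != "word" or m.group().upper() != "FROM":
            continue
        if internal_graphs is None:
            return False, "FROM is not allowed"
        j = i + 1
        if j < len(toks) and toks[j].group().upper() == "NAMED":
            j += 1
        # Fail closed: prefixed names are not resolved here, so they are refused.
        if j >= len(toks) or toks[j].lastgroup != "iri":
            return False, "FROM target must be a literal <IRI>"
        iri = toks[j].group()[1:-1]
        if iri not in internal_graphs:
            return False, "graph not in internal dataset: " + iri
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample queries and graph names (hypothetical).
    local = {"urn:graph:users"}
    for q in ('SELECT ?s WHERE { ?s ?p "from here" }  # FROM <http://a.example/>',
              "SELECT * FROM <http://example.org/remote.rdf> WHERE { ?s ?p ?o }",
              "select * from named <urn:graph:users> where { ?s ?p ?o }"):
        print(check_local(q, local), q)
```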
