- From: Steve Harris <steve.harris@garlik.com>
- Date: Wed, 25 Mar 2009 21:30:26 +0000
- To: SPARQL Working Group <public-rdf-dawg@w3.org>
On 25 Mar 2009, at 15:30, Seaborne, Andy wrote:

> A practice-and-experience note.
>
> Queries that use FROM/FROM NAMED also cause servers to load data
> from a remote reference and have the same serious issues.

There is a difference. The wording of FROM (8.2 Specifying RDF Datasets) is (deliberately IIRC) quite vague, and it doesn't explicitly require you to go and dereference a URI.

For example we had a store that uses FROM NAMED to choose the, already loaded, graphs that will be used to answer the query, and that's legitimate from my reading of the spec.

- Steve

> In the Joseki example endpoint I run, there is an internal limit on
> the size of the graph it will load (size by number of triples, the
> number is quite low - the parsers stream and it counts the stream).
> It only applies to data read in by URL, not if the query is on a
> fixed dataset that the server already has. It's not ideal but some
> mechanism was needed, and, yes, it has been triggered and not just
> occasionally. There have been requests to read in simply huge files by
> HTTP GET.
>
> It also refuses to read "file:" URLs.
>
> Any SPARQL endpoint can reject a query for whatever reason it
> chooses. Joseki provides a configuration option (per endpoint) to
> reject queries with FROM/FROM NAMED or the protocol equivalent, and
> it is recommended to use that.
>
> So a processor can legitimately refuse to support any use
> Feature:Query_by_reference. If that might be common, the time spent
> spec'ing isn't well spent IMHO.
>
> Andy
>
>> -----Original Message-----
>> From: public-rdf-dawg-request@w3.org [mailto:public-rdf-dawg-request@w3.org] On Behalf Of Steve Harris
>> Sent: 25 March 2009 12:40
>> To: SPARQL Working Group
>> Subject: Security Concerns section added to Query_by_reference
>>
>> http://www.w3.org/2009/sparql/wiki/Feature:Query_by_reference
>>
>> In short, providing public systems that can trigger bigger external
>> requests than they receive is a serious security issue.
>>
>> - Steve
>>
>> --
>> Steve Harris
>> Garlik Limited, 2 Sheen Road, Richmond, TW9 1AE, UK
>> +44(0)20 8973 2465 http://www.garlik.com/
>> Registered in England and Wales 535 7233 VAT # 849 0517 11
>> Registered office: Thames House, Portsmouth Road, Esher, Surrey, KT10 9AD
>>
>

--
Steve Harris
Garlik Limited, 2 Sheen Road, Richmond, TW9 1AE, UK
+44(0)20 8973 2465 http://www.garlik.com/
Registered in England and Wales 535 7233 VAT # 849 0517 11
Registered office: Thames House, Portsmouth Road, Esher, Surrey, KT10 9AD
Received on Wednesday, 25 March 2009 21:31:04 UTC
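
The endpoint-side checks described in the quoted note (a per-endpoint switch that rejects FROM/FROM NAMED or the protocol equivalent, refusal of "file:" URLs, and a triple cap counted on the parse stream), sketched in Python as an added example. It is not Joseki's code and not part of the original message; the names `check_graph_refs`, `load_bounded`, `ntriples`, `DatasetRejected` and the cap value are hypothetical.

```python
from urllib.parse import urlsplit

class DatasetRejected(Exception):
    """Raised when a dataset reference or its content violates endpoint policy."""

ALLOWED_SCHEMES = {"http", "https"}  # assumption: "file:" and anything else is refused
MAX_TRIPLES = 1000                   # placeholder cap; the message gives no number

def check_graph_refs(default_graphs, named_graphs, allow_by_reference=False):
    """Vet URIs from FROM / FROM NAMED, or from the protocol's
    default-graph-uri / named-graph-uri parameters, before any fetch."""
    refs = list(default_graphs) + list(named_graphs)
    if refs and not allow_by_reference:
        # Per-endpoint switch: queries may only run on the server's fixed dataset.
        raise DatasetRejected("dataset description is disabled on this endpoint")
    for uri in refs:
        scheme = urlsplit(uri).scheme.lower()
        if scheme not in ALLOWED_SCHEMES:
            raise DatasetRejected(f"refusing {scheme or 'relative'} reference: {uri}")
    return refs

def ntriples(lines):
    """Stand-in for a streaming parser: yields one statement per
    non-blank, non-comment line without reading ahead."""
    for line in lines:
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def load_bounded(statements, max_triples=MAX_TRIPLES):
    """Count statements as they stream in and abort as soon as the cap
    is passed, so an oversized remote file is never read to the end."""
    graph = []
    for count, triple in enumerate(statements, start=1):
        if count > max_triples:
            raise DatasetRejected(f"graph exceeds {max_triples} triples; load aborted")
        graph.append(triple)
    return graph
```

The cap applies only to data fetched by URL; a query against graphs the store has already loaded never passes through `load_bounded`.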