- From: Andy Seaborne <andy.seaborne@epimorphics.com>
- Date: Tue, 21 Dec 2010 10:41:49 +0000
- To: Lee Feigenbaum <lee@thefigtrees.net>
- CC: Paul Gearon <gearon@ieee.org>, SPARQL Working Group <public-rdf-dawg@w3.org>
On 21/12/10 09:58, Lee Feigenbaum wrote:
>> * Ensure correct escaping of literal strings to avoid injection
>> attacks. This is more of a user issue though a poor parser can
>> exacerbate the problem. Also many stores include a web front end,
>> which may act as a client vulnerable to this problem.
>
> I don't think this one belongs in the update document as it's more of a
> client issue.

There is something to say that if the query service is the same endpoint as an update service then injection is possible.

Andy
Received on Tuesday, 21 December 2010 10:42:31 UTC
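
The escaping of literal strings discussed in this message, as an added example that is not part of the original thread: a client-side helper that encodes a user-supplied value as a double-quoted SPARQL string literal, with a small scanner showing where the literal ends with and without escaping. The query template, the `http://example.org/name` predicate, the function names and the sample value are all constructed for illustration.

```python
# Added illustration; every name and the sample input below are constructed.

# Escape sequences allowed inside a SPARQL string literal (the ECHAR production).
_ESCAPES = {"\\": "\\\\", '"': '\\"', "\n": "\\n", "\r": "\\r",
            "\t": "\\t", "\b": "\\b", "\f": "\\f"}
# Reverse map keyed by the character that follows the backslash.
_UNESCAPES = {esc[1]: raw for raw, esc in _ESCAPES.items()}

TEMPLATE = 'SELECT ?s WHERE {{ ?s <http://example.org/name> {lit} }}'
SAMPLE = 'say "hi" \\ bye'  # constructed user input containing quotes and a backslash


def sparql_string_literal(value: str) -> str:
    """Encode value as a double-quoted SPARQL string literal."""
    return '"' + "".join(_ESCAPES.get(ch, ch) for ch in value) + '"'


def build_naive(value: str) -> str:
    """Unsafe: pastes the value between quotes with no escaping."""
    return TEMPLATE.format(lit='"' + value + '"')


def build_escaped(value: str) -> str:
    """Safe: the value can only ever be read back as literal content."""
    return TEMPLATE.format(lit=sparql_string_literal(value))


def literal_and_rest(query: str):
    """Decode the first double-quoted literal; return (value, text after it)."""
    i = query.index('"') + 1
    out = []
    while i < len(query):
        ch = query[i]
        if ch == "\\":               # escape sequence: decode the next character
            out.append(_UNESCAPES[query[i + 1]])
            i += 2
        elif ch == '"':              # unescaped quote closes the literal
            return "".join(out), query[i + 1:]
        else:
            out.append(ch)
            i += 1
    raise ValueError("unterminated string literal")


if __name__ == "__main__":
    print(literal_and_rest(build_naive(SAMPLE)))    # literal ends early
    print(literal_and_rest(build_escaped(SAMPLE)))  # value round-trips intact
```

With the naive builder, everything after the first quote in the input is parsed as query syntax rather than data, which is the condition that matters when the same endpoint also accepts update requests.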