clerezza-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hasan Hasan <ha...@trialox.org>
Subject Re: [jira] [Created] (CLEREZZA-801) Fastlaned Sparql query circumvent security
Date Mon, 15 Jul 2013 05:07:02 GMT
Hi Reto,

I think this should be solved on another layer. The preparser should merely
deal with the query string.
Wouldn't it be better/cleaner that the object that get the referred graphs
from preparser does the check?

Cheers
Hasan


On Sun, Jul 14, 2013 at 5:45 PM, Reto Bachmann-Gmür <reto@wymiwyg.com>wrote:

> Hi Hasan
>
> This issue could easily be solved if the preparser could return a set
> of graphs that are accessed reading and a set of graphs that are
> accessed for writing.
>
> WDYT?
>
> Cheers,
> Reto
>
> On Fri, Jul 12, 2013 at 3:47 PM, Reto Bachmann-Gmür (JIRA)
> <jira@apache.org> wrote:
> > Reto Bachmann-Gmür created CLEREZZA-801:
> > -------------------------------------------
> >
> >              Summary: Fastlaned Sparql query circumvent security
> >                  Key: CLEREZZA-801
> >                  URL: https://issues.apache.org/jira/browse/CLEREZZA-801
> >              Project: Clerezza
> >           Issue Type: Bug
> >             Reporter: Reto Bachmann-Gmür
> >             Priority: Critical
> >
> >
> > No check for access permission on the graph takes place for fastlaned
> queries.
> >
> > --
> > This message is automatically generated by JIRA.
> > If you think it was sent incorrectly, please contact your JIRA
> administrators
> > For more information on JIRA, see:
> http://www.atlassian.com/software/jira
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message