Return-Path: X-Original-To: apmail-clerezza-dev-archive@www.apache.org Delivered-To: apmail-clerezza-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 34175100FC for ; Mon, 15 Jul 2013 09:33:26 +0000 (UTC) Received: (qmail 46711 invoked by uid 500); 15 Jul 2013 09:33:26 -0000 Delivered-To: apmail-clerezza-dev-archive@clerezza.apache.org Received: (qmail 46558 invoked by uid 500); 15 Jul 2013 09:33:24 -0000 Mailing-List: contact dev-help@clerezza.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@clerezza.apache.org Delivered-To: mailing list dev@clerezza.apache.org Received: (qmail 46471 invoked by uid 99); 15 Jul 2013 09:33:23 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 15 Jul 2013 09:33:23 +0000 X-ASF-Spam-Status: No, hits=0.0 required=5.0 tests= X-Spam-Check-By: apache.org Received-SPF: error (nike.apache.org: local policy) Received: from [213.238.45.90] (HELO r2-d2.netlabs.org) (213.238.45.90) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 15 Jul 2013 09:33:17 +0000 Received: (qmail 4948 invoked by uid 89); 15 Jul 2013 09:32:35 -0000 Received: from unknown (HELO mail-la0-f46.google.com) (farewellutopia@netlabs.org@209.85.215.46) by 0 with ESMTPA; 15 Jul 2013 09:32:35 -0000 Received: by mail-la0-f46.google.com with SMTP id eg20so9349631lab.33 for ; Mon, 15 Jul 2013 02:32:34 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding:x-gm-message-state; bh=tkpgFaElUWrAJeAzqndwx4/E/nd/gyWzF43ztQ6DbhI=; b=RfKEyZJT+WLoaUgD/KROjEYuwIhTgP2AqM3xtEMzz9zs9LJND37AB/5EnhJlWhEN7q JWciV2rDB46vnr/8fdFeqVQ3sFZ2xY6xLN1OAs0mDYNed4jpGT73kp3axdPxnrsmINL5 pRLrUGbmRM1BbHIUmhanSpu9Mz4kIYnCQoAv1a9TTEpmNASAgrf0kbijtbFtsKfWvvpG Z+jOWSe3NBXzejlEGrNWtfLrDAEy9f+lYU4VgnyQ/W2DYIZ5BHfYEftBNaqdfBha7yRL shvs0wrayAKLwR1+LfkGMFDq2zjktqxP/ZGzVfMd0l7zAIlvCg1+DO0MW0igvPIy2Q62 9uKw== MIME-Version: 1.0 X-Received: by 10.152.20.40 with SMTP id k8mr25034486lae.25.1373880754434; Mon, 15 Jul 2013 02:32:34 -0700 (PDT) Received: by 10.152.125.144 with HTTP; Mon, 15 Jul 2013 02:32:34 -0700 (PDT) X-Originating-IP: [31.24.10.206] In-Reply-To: References: Date: Mon, 15 Jul 2013 11:32:34 +0200 Message-ID: Subject: Re: [jira] [Created] (CLEREZZA-801) Fastlaned Sparql query circumvent security From: =?ISO-8859-1?Q?Reto_Bachmann=2DGm=FCr?= To: Hasan Hasan Cc: dev@clerezza.apache.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Gm-Message-State: ALoCoQntyEBeZhNbw/DCiAppXeZLAn0xOpoexnEchosnKT49utTttMs/F3bbmc+WFdsmY/3YyQPs X-Virus-Checked: Checked by ClamAV on apache.org Hi Hasan WIth the slowlane we can do the security checks once the triple-collections are accessed. With fastlane we don't have this possibility as the query is passed to the provider and what happens then is beyond our control. So we need to look at the query. In a simplifying solution: - see that the query is not doing an update operation and accessing graphs A and B in which case we check for read permission on A and B - see that the query is doing an update operation and accessing graphs A and B in which case we check for readwrite permission on A and B In a more advanced solution we would also see that the query COPY TO needs read permisson for A and readwrite permission for B. If the preparser for now would not implement support for the advanced solution this would be no problem. But the API should be already designed in a way to allow support for it. So the preparser should return a tuple of a set of graphs accessed for reading only and one with the graphs accessing for writing too. If for now all update oprations results in all graphs being in the second set, that's no problem. Cheers, Reto On Mon, Jul 15, 2013 at 7:07 AM, Hasan Hasan wrote: > Hi Reto, > > I think this should be solved on another layer. The preparser should mere= ly > deal with the query string. > Wouldn't it be better/cleaner that the object that get the referred graph= s > from preparser does the check? > > Cheers > Hasan > > > On Sun, Jul 14, 2013 at 5:45 PM, Reto Bachmann-Gm=FCr > wrote: >> >> Hi Hasan >> >> This issue could easily be solved if the preparser could return a set >> of graphs that are accessed reading and a set of graphs that are >> accessed for writing. >> >> WDYT? >> >> Cheers, >> Reto >> >> On Fri, Jul 12, 2013 at 3:47 PM, Reto Bachmann-Gm=FCr (JIRA) >> wrote: >> > Reto Bachmann-Gm=FCr created CLEREZZA-801: >> > ------------------------------------------- >> > >> > Summary: Fastlaned Sparql query circumvent security >> > Key: CLEREZZA-801 >> > URL: https://issues.apache.org/jira/browse/CLEREZZA-8= 01 >> > Project: Clerezza >> > Issue Type: Bug >> > Reporter: Reto Bachmann-Gm=FCr >> > Priority: Critical >> > >> > >> > No check for access permission on the graph takes place for fastlaned >> > queries. >> > >> > -- >> > This message is automatically generated by JIRA. >> > If you think it was sent incorrectly, please contact your JIRA >> > administrators >> > For more information on JIRA, see: >> > http://www.atlassian.com/software/jira > >