- From: Alexandre Passant <alexandre.passant@deri.org>
- Date: Tue, 27 Jul 2010 13:01:13 +0100
- To: Axel Polleres <axel.polleres@deri.org>
- Cc: SPARQL Working Group <public-rdf-dawg@w3.org>
Hi, On 26 Jul 2010, at 14:12, Axel Polleres wrote: [...] > > ======================================================================= > > ISSUE-19 > Security issues on SPARQL/UPdate > > The current section in the draft > http://www.w3.org/2009/sparql/docs/update-1.1/Overview.xml#sec_security > is still fairly empty. > Do the editors think they have sufficient information to draft this section? > Did we collect relevant issues already in one place? > I would like to keep this OPEN until we have a reasonable draft for this section. By listing security issues in this section, I'm afraid that we will miss some and will had lots of discussions on which ones to / not to add (DOS, Authentication, Insertions, Malicious data, spam, etc. - while some are also related to the protocol) Actually, I'd rather list none but have a single sentence saying "the specification does not address security concerns related to SPARQL/Update and that implementers and users MUST be aware of security concerns when allowing SPARQL/Update on their dataset". Alex. -- Dr. Alexandre Passant Digital Enterprise Research Institute National University of Ireland, Galway :me owl:sameAs <http://apassant.net/alex> .
Received on Tuesday, 27 July 2010 12:01:49 UTC