Hi Reto, I think this should be solved on another layer. The preparser should merely deal with the query string. Wouldn't it be better/cleaner that the object that get the referred graphs from preparser does the check?
Cheers Hasan On Sun, Jul 14, 2013 at 5:45 PM, Reto Bachmann-Gmür <[email protected]>wrote: > Hi Hasan > > This issue could easily be solved if the preparser could return a set > of graphs that are accessed reading and a set of graphs that are > accessed for writing. > > WDYT? > > Cheers, > Reto > > On Fri, Jul 12, 2013 at 3:47 PM, Reto Bachmann-Gmür (JIRA) > <[email protected]> wrote: > > Reto Bachmann-Gmür created CLEREZZA-801: > > ------------------------------------------- > > > > Summary: Fastlaned Sparql query circumvent security > > Key: CLEREZZA-801 > > URL: https://issues.apache.org/jira/browse/CLEREZZA-801 > > Project: Clerezza > > Issue Type: Bug > > Reporter: Reto Bachmann-Gmür > > Priority: Critical > > > > > > No check for access permission on the graph takes place for fastlaned > queries. > > > > -- > > This message is automatically generated by JIRA. > > If you think it was sent incorrectly, please contact your JIRA > administrators > > For more information on JIRA, see: > http://www.atlassian.com/software/jira >
