Florian Hockmann created TINKERPOP-2190:
-------------------------------------------

             Summary: Document Gremlin sanitization best practices
                 Key: TINKERPOP-2190
                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2190
             Project: TinkerPop
          Issue Type: Improvement
          Components: documentation
    Affects Versions: 3.4.1, 3.3.6
            Reporter: Florian Hockmann


We already have docs on how to prevent arbitrary code execution through the script engine, but nothing yet about injections in Gremlin, basically the equivalent of SQL injections.

I wrote [a post on Stack Overflow|https://stackoverflow.com/questions/44473303/how-to-prevent-gremlin-injection-in-c/44538936#44538936] on this topic which we can use as a basis here.

Possible topics include:
 * Difference between GLVs and Gremlin scripts
 * Demonstrate when and how injections can occur
 * How to prevent injections

This could either be added as an [implementation recipe|http://tinkerpop.apache.org/docs/current/recipes/#_implementation_recipes] or as a subsection for [Gremlin Server security|http://tinkerpop.apache.org/docs/current/reference/#security].
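As an added illustration of the three topics listed above (not code from the issue, the Stack Overflow post, or the TinkerPop docs), the following Java snippet contrasts string-built scripts, scripts with bindings, and a GLV traversal. It assumes a Gremlin Server reachable at localhost:8182 that exposes a traversal source named `g`; the method names are the example's own.

```java
import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.apache.tinkerpop.gremlin.driver.Client;
import org.apache.tinkerpop.gremlin.driver.Cluster;
import org.apache.tinkerpop.gremlin.driver.Result;
import org.apache.tinkerpop.gremlin.driver.remote.DriverRemoteConnection;
import org.apache.tinkerpop.gremlin.process.traversal.AnonymousTraversalSource;
import org.apache.tinkerpop.gremlin.process.traversal.dsl.graph.GraphTraversalSource;
import org.apache.tinkerpop.gremlin.structure.Vertex;

public class GremlinInjectionExample {

    // Where the injection occurs: the user-supplied value is spliced into the
    // script text. A value that contains a closing quote followed by further
    // Gremlin steps changes the query itself instead of being matched as data.
    static List<Result> findByNameUnsafe(Client client, String name) {
        String script = "g.V().has('name', '" + name + "')";
        return client.submit(script).all().join();
    }

    // Prevention with scripts: keep the script a fixed constant and pass the
    // value as a binding. The script engine only ever sees it as a value.
    static List<Result> findByNameWithBindings(Client client, String name) {
        Map<String, Object> bindings = Collections.singletonMap("n", name);
        return client.submit("g.V().has('name', n)", bindings).all().join();
    }

    // Prevention with a GLV: there is no script text at all. The traversal is
    // serialized as bytecode and the value is an argument of the has() step,
    // so there is nothing for user input to break out of.
    static List<Vertex> findByNameWithGlv(GraphTraversalSource g, String name) {
        return g.V().has("name", name).toList();
    }

    public static void main(String[] args) {
        // Assumed server location; adjust for your deployment.
        Cluster cluster = Cluster.build("localhost").port(8182).create();
        Client client = cluster.connect();
        GraphTraversalSource g = AnonymousTraversalSource.traversal()
                .withRemote(DriverRemoteConnection.using(cluster, "g"));
        String input = args.length > 0 ? args[0] : "marko";  // untrusted input in practice
        System.out.println("bindings: " + findByNameWithBindings(client, input).size());
        System.out.println("glv:      " + findByNameWithGlv(g, input).size());
        cluster.close();
    }
}
```

Only the first method is exposed to injection; the other two keep user input separate from the query structure, which is the point the proposed documentation would make.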



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)