[ https://issues.apache.org/jira/browse/TINKERPOP-2190?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16839296#comment-16839296 ]

stephen mallette commented on TINKERPOP-2190:
---------------------------------------------

Sorry - bad cut/paste - found other bugs too... I think it's good now:

https://github.com/apache/tinkerpop/commit/b52bca176d53b0941e92df9878f011010edbcd50

> Document Gremlin sanitization best practices
> --------------------------------------------
>
>                 Key: TINKERPOP-2190
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2190
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: documentation
>    Affects Versions: 3.3.6, 3.4.1
>            Reporter: Florian Hockmann
>            Assignee: stephen mallette
>            Priority: Minor
>             Fix For: 3.4.2
>
>
> We already have docs on how to prevent arbitrary code execution through the script engine, but nothing yet about injections in Gremlin, basically the equivalent of SQL injections.
> I wrote [a post on Stack Overflow|https://stackoverflow.com/questions/44473303/how-to-prevent-gremlin-injection-in-c/44538936#44538936] on this topic which we can use as a basis here.
> Possible topics include:
> * Difference between GLVs and Gremlin scripts
> * Demonstrate when and how injections can occur
> * How to prevent injections
> This could either be added as an [implementation recipe|http://tinkerpop.apache.org/docs/current/recipes/#_implementation_recipes] or as a subsection for [Gremlin Server security|http://tinkerpop.apache.org/docs/current/reference/#security].
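The issue above asks for documentation of when a Gremlin injection can occur and how to prevent it. The following is an added example written for this page; it is not code from the TinkerPop project, the linked commit, or the Stack Overflow post. It contrasts the vulnerable pattern (splicing an untrusted value into Gremlin-Groovy script text) with the hardened pattern (a fixed script plus `bindings`, as carried in a Gremlin Server `eval` request message), and includes a small structural check a defender can use to notice when input has changed the traversal itself. A GLV traversal such as `g.V().has('name', name)` in gremlinpython avoids the problem the same way, by sending steps and argument values as structured bytecode rather than text; the script route is shown here because it runs offline without a server. The sample name `marko`, the hostile value, and the binding name `userName` are constructed for this example.

```python
import json
import re
import uuid
from typing import Dict, List, Optional

# Constructed sample input (assumption for this example, not from the issue).
TRUSTED_NAME = "marko"
# Constructed hostile input: a single quote closes the string literal so that
# what follows is parsed as an additional traversal step, not as a value.
HOSTILE_NAME = "marko').out('knows"


def build_script_by_concatenation(name: str) -> str:
    """Vulnerable pattern: the untrusted value is spliced into Gremlin-Groovy
    source text, so whatever the caller supplies is compiled as script code."""
    return "g.V().has('name', '" + name + "')"


def build_eval_request(script: str,
                       bindings: Optional[Dict[str, object]] = None) -> Dict[str, object]:
    """Assemble a Gremlin Server 'eval' request message as a JSON-serialisable dict.
    The layout (requestId / op / processor / args with gremlin, language, bindings)
    follows the Gremlin Server request message format; requestId is freshly generated."""
    args: Dict[str, object] = {"gremlin": script, "language": "gremlin-groovy"}
    if bindings:
        args["bindings"] = bindings
    return {"requestId": str(uuid.uuid4()), "op": "eval", "processor": "", "args": args}


def build_parameterized_request(name: str) -> Dict[str, object]:
    """Hardened pattern: the script text is a constant template and the value
    travels in `bindings`, so the script engine receives it as a variable's value
    and never as source code. The binding name `userName` is an assumption."""
    return build_eval_request("g.V().has('name', userName)", {"userName": name})


def step_names(script: str) -> List[str]:
    """Crude structural fingerprint of a Gremlin script: the ordered step calls.
    Comparing this against the expected template shape reveals when input has
    altered the traversal rather than just supplying a value."""
    return re.findall(r"\.(\w+)\(", script)


def input_altered_structure(template: str, script: str) -> bool:
    """True when the composed script's step sequence differs from the template's."""
    return step_names(script) != step_names(template)


if __name__ == "__main__":
    template = "g.V().has('name', '<value>')"
    for name in (TRUSTED_NAME, HOSTILE_NAME):
        concat = build_script_by_concatenation(name)
        print("concatenated: ", concat,
              "| structure changed:", input_altered_structure(template, concat))
        param = build_parameterized_request(name)
        print("parameterized:", json.dumps(param["args"]))
```

With the hostile value, the concatenated script gains an extra `out` step and the fingerprint check flags it; the parameterized request's `gremlin` text is identical for every input, and the hostile value is visible only inside `bindings`, where it is just data. Parameterized scripts also let Gremlin Server cache the compiled script, which is the same advice the reference documentation gives for performance.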



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)