[ https://issues.apache.org/jira/browse/RYA-499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17229927#comment-17229927 ]

Lars W commented on RYA-499:
----------------------------

Timeout value provided through a query parameter should be sanitized against a 
max value, or else you'll end up introducing a possible DoS vulnerability 
(in other words, prefer a timeout value not based on user input at all).

> Make timeout for SPARQL query configurable
> ------------------------------------------
>
>                 Key: RYA-499
>                 URL: https://issues.apache.org/jira/browse/RYA-499
>             Project: Rya
>          Issue Type: Improvement
>          Components: sail
>    Affects Versions: 3.2.12
>         Environment: Rya 3.2.12
>            Reporter: Maxim Kolchin
>            Assignee: Brad
>            Priority: Minor
>
> In [RdfController#120|https://github.com/apache/incubator-rya/blob/master/web/web.rya/src/main/java/org/apache/cloud/rdf/web/sail/RdfController.java#L121]
> a hardcoded timeout (120 sec) is employed. Although the 120 sec timeout 
> looks like a reasonable value, it should be configured through the conf file 
> or a query parameter.
> In my case, a complex query can't be executed, because it is timed out.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
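
One way to apply the bound described in the comment above, as an added example (not Rya's code and not part of the original message): a client-supplied timeout is parsed, discarded if unusable, and capped at an operator-configured maximum. The class name, the `timeout` parameter name and the 600-second ceiling are assumptions; 120 seconds is the hardcoded value mentioned in the issue.

```java
/** Hypothetical helper (not Rya code): resolves the effective SPARQL query timeout. */
public final class QueryTimeoutPolicy {
    private final long defaultSeconds; // used when the client sends nothing usable
    private final long maxSeconds;     // hard ceiling, set by the operator in the conf file

    public QueryTimeoutPolicy(long defaultSeconds, long maxSeconds) {
        // Refuse a misconfigured policy at startup instead of at request time.
        if (defaultSeconds <= 0 || maxSeconds <= 0 || defaultSeconds > maxSeconds) {
            throw new IllegalArgumentException("need 0 < default <= max");
        }
        this.defaultSeconds = defaultSeconds;
        this.maxSeconds = maxSeconds;
    }

    /**
     * @param raw value of the (assumed) "timeout" query parameter; may be null
     * @return a timeout in seconds that is always within 1..maxSeconds
     */
    public long effectiveSeconds(String raw) {
        if (raw == null || raw.trim().isEmpty()) {
            return defaultSeconds;
        }
        long requested;
        try {
            requested = Long.parseLong(raw.trim());
        } catch (NumberFormatException e) {
            // Non-numeric input, or a number too large for a long.
            return defaultSeconds;
        }
        if (requested <= 0) {
            // Some query APIs read zero or negative as "no limit"; never pass it on.
            return defaultSeconds;
        }
        // The client may shorten or lengthen the timeout, but only up to the ceiling.
        return Math.min(requested, maxSeconds);
    }

    public static void main(String[] args) {
        QueryTimeoutPolicy policy = new QueryTimeoutPolicy(120, 600);
        // Constructed sample inputs covering the edge cases.
        String[] samples = {null, "", "30", "600", "86400", "-1", "0",
                            "99999999999999999999", "12abc"};
        for (String s : samples) {
            System.out.println(s + " -> " + policy.effectiveSeconds(s));
        }
    }
}
```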
