Forgot to cc to list and to jena-dev

-----Original Message-----
From: Rob Vesse [mailto:[email protected]]
Sent: 29 March 2010 15:53
To: 'Angelo Veltens'
Subject: RE: Preventing SPARQL injection

The following may be of interest to you:

http://www.slideshare.net/Morelab/sparqlrdqlsparul-injection

They proposed a patch to Jena but I don't know whether it ever got incorporated into the codebase.

Rob

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Angelo Veltens
Sent: 27 March 2010 12:11
To: [email protected]
Subject: Preventing SPARQL injection

Hi all,

My name is Angelo Veltens, I'm studying computer science in Germany. I am using the Jena framework with SDB for a student research project.

I'm just wondering how to prevent SPARQL injections. It seems to me that I have to build my queries from plain strings and do the sanitizing on my own. Isn't there something like prepared statements as in SQL/JDBC? This would be less risky.

Kind regards,
Angelo Veltens
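
The "sanitizing on my own" that the question describes, as an added example that is not part of the thread and is not Jena code: a user-supplied value is rendered as a single SPARQL string literal using the escapes the SPARQL grammar defines, and a user-supplied IRI is rejected if it contains a character that could end the <...> token. The class name, method names, query and inputs are hypothetical and constructed for illustration.

```java
import java.util.regex.Pattern;

// Added example, not Jena code; class and method names are hypothetical.
public class SparqlValues {
    // Characters the SPARQL grammar does not allow between < and > (IRIREF).
    private static final Pattern BAD_IRI =
            Pattern.compile("[<>\"{}|^`\\\\\\x00-\\x20]");

    /** Render untrusted text as one double-quoted SPARQL string literal. */
    static String literal(String s) {
        StringBuilder out = new StringBuilder("\"");
        for (char c : s.toCharArray()) {
            switch (c) {
                case '\\': out.append("\\\\"); break;
                case '"':  out.append("\\\""); break;
                case '\n': out.append("\\n");  break;
                case '\r': out.append("\\r");  break;
                case '\t': out.append("\\t");  break;
                case '\b': out.append("\\b");  break;
                case '\f': out.append("\\f");  break;
                default:   out.append(c);
            }
        }
        return out.append('"').toString();
    }

    /** Render an untrusted IRI as <...>; reject it if it could end the token. */
    static String iri(String s) {
        if (s.isEmpty() || BAD_IRI.matcher(s).find()) {
            throw new IllegalArgumentException("rejected IRI: " + s);
        }
        return "<" + s + ">";
    }

    public static void main(String[] args) {
        String head = "SELECT ?p WHERE { ?p <http://xmlns.com/foaf/0.1/name> ?n . FILTER(?n = ";
        String input = "\" || \"\" = \"";   // constructed input: turns the filter into a tautology

        // Plain concatenation: FILTER(?n = "" || "" = "") is true for every name.
        System.out.println(head + "\"" + input + "\") }");
        // Escaped: the whole input is compared as one literal.
        System.out.println(head + literal(input) + ") }");
        try {
            iri("http://example.org/g> ?x ?y } #");   // constructed input
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Jena releases made after this thread include a ParameterizedSparqlString class that substitutes values into a command string in a similar way; escaping by hand as above only covers literals and IRIs, not user input placed anywhere else in a query.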
