Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sandboxing end-user/admin SPARQL endpoints #107

Open
namedgraph opened this issue Sep 24, 2021 · 0 comments
Open

Sandboxing end-user/admin SPARQL endpoints #107

namedgraph opened this issue Sep 24, 2021 · 0 comments
Assignees
@namedgraph
Labels
bug help wanted

Comments

@namedgraph
Copy link
Member

namedgraph commented Sep 24, 2021
edited

Because containers in the Docker network can by default access each other, a user of the end-user endpoint (fuseki-end-user) can potentially run such a federated query which will expose data from the admin (fuseki-admin) endpoint:

SELECT  *
WHERE
  { SERVICE <http://fuseki-admin:3030/ds>
      { GRAPH ?g { ?s  <http://xmlns.com/foaf/0.1/name>  ?o } }
  }
LIMIT   100

LinkedDataHub needs this federation for authorization queries. But the end-users having the same access is a security issue.

Some kind of authentication (even HTTP Basic) that the user does not have access to should work. Need to investigate Security in Fuseki2.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@namedgraph namedgraph

Labels
bug help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@namedgraph