The LOD2 Stack's configuration graph (<http://localhost/lod2democonfiguration>)
is publicly accessible by default. Since the graph contains passwords, it
shouldn't be public.
What steps will reproduce the problem?
1. For example, go to http://demo.lod2.eu/sparql (or another LOD2 Stack instance)
and execute:
SELECT * FROM <http://localhost/lod2democonfiguration> WHERE { ?s ?p ?o . }
2. The query returns the contents of the configuration graph, with the
passwords to Virtuoso and the like.
What is the expected output? What do you see instead?
Instead, the contents of the <http://localhost/lod2democonfiguration> graph
shouldn't be accessible through the public SPARQL endpoint. LOD2 Stack should
use something like Virtuoso's access control policies
(http://docs.openlinksw.com/virtuoso/rdfgraphsecurity.html) to set the
configuration graph as not publicly accessible.
Original issue reported on code.google.com by mynarzji...@gmail.com on 9 Aug 2012 at 9:04
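
A check that an operator could run against their own LOD2 Stack instance once graph-level access control is in place, added here as an example (not part of the original report or of the LOD2 code base): it asks the public endpoint, as an anonymous client, whether any triple of the configuration graph is visible. The endpoint URL passed on the command line and all function names are assumptions for illustration.

```python
import json
import sys
import urllib.error
import urllib.parse
import urllib.request

# Graph IRI taken from the report above.
CONFIG_GRAPH = "http://localhost/lod2democonfiguration"


def build_probe_url(endpoint, graph=CONFIG_GRAPH):
    """Build a SPARQL-protocol GET URL asking whether `graph` has visible triples."""
    if any(ch in graph for ch in '<>"{}|^`\\') or any(ch.isspace() for ch in graph):
        raise ValueError("graph is not a valid IRI: %r" % graph)
    query = "ASK FROM <%s> WHERE { ?s ?p ?o }" % graph
    return endpoint + "?" + urllib.parse.urlencode({"query": query})


def http_fetch(url):
    """Unauthenticated GET; returns (status, body) even for HTTP error codes."""
    req = urllib.request.Request(
        url, headers={"Accept": "application/sparql-results+json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def classify(status, body):
    """Map an endpoint response to EXPOSED, NOT_VISIBLE or UNKNOWN."""
    if status in (401, 403):
        return "NOT_VISIBLE"
    if status != 200:
        return "UNKNOWN"      # e.g. a server error: do not count it as a pass
    try:
        answer = json.loads(body).get("boolean")
    except (ValueError, AttributeError):
        return "UNKNOWN"      # not a SPARQL JSON result document
    if answer is True:
        return "EXPOSED"
    return "NOT_VISIBLE" if answer is False else "UNKNOWN"


def check_graph(endpoint, graph=CONFIG_GRAPH, fetch=http_fetch):
    """Return the classification for `graph` as seen through `endpoint`."""
    return classify(*fetch(build_probe_url(endpoint, graph)))


if __name__ == "__main__":
    result = check_graph(sys.argv[1])
    print(CONFIG_GRAPH, result)
    sys.exit(0 if result == "NOT_VISIBLE" else 1)
```

The script exits non-zero for both EXPOSED and UNKNOWN, so it can gate a deployment; NOT_VISIBLE only means an anonymous client sees no triples in that graph.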