AtomGraph / LinkedDataHub

The low-code Knowledge Graph application platform. Apache license.
https://atomgraph.github.io/LinkedDataHub/
Apache License 2.0

Sandboxing end-user/admin SPARQL endpoints #107

Open namedgraph opened 2 years ago

namedgraph commented 2 years ago

Because containers in the Docker network can by default access each other, a user of the end-user endpoint (fuseki-end-user) can potentially run a federated query such as the following, which will expose data from the admin (fuseki-admin) endpoint:

SELECT  *
WHERE
  { SERVICE <http://fuseki-admin:3030/ds>
      { GRAPH ?g { ?s  <http://xmlns.com/foaf/0.1/name>  ?o } }
  }
LIMIT   100

LinkedDataHub needs this federation for authorization queries. But end-users having the same access is a security issue.

Some kind of authentication (even HTTP Basic) that the user does not have access to should work. Need to investigate Security in Fuseki2.
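One Fuseki-side way to close this, as an added example that is not from the LinkedDataHub repository: a shiro.ini for the fuseki-admin container that puts HTTP Basic authentication in front of the dataset. Assumed: the dataset is served at /ds (as in the query above), the file is placed where that Fuseki instance reads its shiro.ini, and the password is a placeholder.

```ini
[main]
# Plain-text credential matcher for the [users] section below
# (constructed example; use a hashed matcher in production)
plainMatcher = org.apache.shiro.authc.credential.SimpleCredentialsMatcher
iniRealm.credentialsMatcher = $plainMatcher
localhost = org.apache.jena.fuseki.authz.LocalhostFilter

[users]
# Placeholder credentials: only LinkedDataHub is given this password;
# the fuseki-end-user container is not.
admin = CHANGE_ME_ADMIN_PASSWORD

[roles]

[urls]
# Server admin operations stay restricted to localhost
/$/status = anon
/$/ping   = anon
/$/**     = localhost
# The dataset itself requires HTTP Basic auth as user "admin", so a
# SERVICE <http://fuseki-admin:3030/ds> call issued by fuseki-end-user
# without credentials is rejected with 401 instead of returning data.
/ds/**    = authcBasic,user[admin]
# No anonymous fallback for any other path
/**       = authcBasic,user[admin]
```

Because fuseki-end-user evaluates the SERVICE clause without credentials, the federated query above then fails with 401; LinkedDataHub's own authorization queries would need to be configured with the admin credentials.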