prisszilla / lod2-stack

Automatically exported from code.google.com/p/lod2-stack

LOD2 demo configuration graph is publicly accessible #32

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
The LOD2 Stack's configuration graph (<http://localhost/lod2democonfiguration>) 
is publicly accessible by default. Since the graph contains passwords, it 
shouldn't be public.

What steps will reproduce the problem?

1. For example, go to http://demo.lod2.eu/sparql (or other LOD2 Stack instance) and execute: SELECT * FROM <http://localhost/lod2democonfiguration> WHERE { ?s ?p ?o . }
2. The query returns the contents of the configuration graph, with the 
passwords to Virtuoso and the like.

What is the expected output? What do you see instead?

Instead, the contents of the <http://localhost/lod2democonfiguration> graph 
shouldn't be accessible through the public SPARQL endpoint. LOD2 Stack should 
use something like Virtuoso's access control policies 
(http://docs.openlinksw.com/virtuoso/rdfgraphsecurity.html) to set the 
configuration graph as not publicly accessible.

Original issue reported on code.google.com by mynarzji...@gmail.com on 9 Aug 2012 at 9:04
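
A regression check for the fix requested above, as an added example that is not part of the original issue or the LOD2 project's code: it asks the endpoint anonymously whether any triple from the configuration graph is visible and reports EXPOSED, NOT_EXPOSED or UNKNOWN. The function names, the sample responses and the placeholder endpoint are assumptions made for the illustration.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

CONFIG_GRAPH = "http://localhost/lod2democonfiguration"  # graph IRI from the report

def probe_url(endpoint, graph=CONFIG_GRAPH):
    """URL for an anonymous ASK: is any triple in `graph` visible?"""
    query = "ASK FROM <%s> WHERE { ?s ?p ?o }" % graph
    return endpoint + "?" + urllib.parse.urlencode({"query": query})

def classify(body):
    """Map a SPARQL JSON result body to EXPOSED / NOT_EXPOSED / UNKNOWN."""
    try:
        doc = json.loads(body)
    except ValueError:
        return "UNKNOWN"  # not JSON: cannot claim the graph is protected
    if not isinstance(doc, dict):
        return "UNKNOWN"
    if isinstance(doc.get("boolean"), bool):  # ASK result
        return "EXPOSED" if doc["boolean"] else "NOT_EXPOSED"
    results = doc.get("results")
    rows = results.get("bindings") if isinstance(results, dict) else None
    if isinstance(rows, list):  # SELECT result
        return "EXPOSED" if rows else "NOT_EXPOSED"
    return "UNKNOWN"

def http_fetch(url):
    """Unauthenticated GET asking for SPARQL JSON results."""
    req = urllib.request.Request(
        url, headers={"Accept": "application/sparql-results+json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")

def check(endpoint, fetch=http_fetch):
    """Run the probe; only an explicit 401/403 counts as a denial."""
    try:
        return classify(fetch(probe_url(endpoint)))
    except urllib.error.HTTPError as err:
        return "NOT_EXPOSED" if err.code in (401, 403) else "UNKNOWN"
    except urllib.error.URLError:
        return "UNKNOWN"  # endpoint unreachable: no conclusion

# Constructed sample responses (not captured from a real server).
SAMPLE_OPEN = '{"head": {}, "boolean": true}'
SAMPLE_CLOSED = '{"head": {}, "boolean": false}'

if __name__ == "__main__":
    # Placeholder endpoint; the fetcher is stubbed with a constructed response.
    print(check("http://sparql.example/sparql", fetch=lambda url: SAMPLE_OPEN))
```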