shacl/index.html (+3 -1)
@@ -5184,13 +5184,14 @@ <h2>Security and Privacy Considerations</h2>
5184
5184
<code>owl:imports</code> and <code>sh:shapesGraph</code>.
5185
5185
</p>
5186
5186
<p>
5187
+
SHACL-SPARQL includes all the <ahref="https://www.w3.org/TR/sparql11-query/#security">security issues of SPARQL</a>.
5187
5188
The <ahref="https://www.w3.org/TR/sparql11-federated-query/">SPARQL SERVICE keyword</a> can be used
5188
5189
to make web service requests against any URL.
5189
5190
URLs called by the SERVICE keyword may include URLs that only pretend to be SPARQL endpoints but are
5190
5191
in fact malware. Untrusted shape definitions may include SPARQL queries that send data derived
5191
5192
from the triples in the data or shapes graphs to a malware SPARQL endpoint.
5192
5193
A simple protection against such attacks is to switch off the SERVICE keyword, or filter the available URLs.
5193
-
The SERVICE keyword may also lead to denial-of-service situations.
5194
+
The SERVICE keyword may also lead to denial-of-service situations, in particular if a SHACL processor issues many request.
5194
5195
</p>
5195
5196
</section>
5196
5197
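Review bot: the added sentence at new line 5194 ends with "issues many request", which should read "many requests". That sentence also follows the mitigation sentence ("switch off the SERVICE keyword, or filter the available URLs"), so it is unclear whether the protection is meant to cover the denial-of-service case too; consider moving the denial-of-service sentence ahead of the mitigation, or stating that the same protection applies. It would also help to say which party is affected, the remote endpoint receiving the requests or the SHACL processor waiting on them. In the added line at 5187, "includes all the security issues of SPARQL" would be more precise as "is subject to all the security issues of SPARQL".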
@@ -5232,6 +5233,7 @@ <h2>Revision History</h2>
5232
5233
The detailed list of changes and their diffs can be found in the <ahref="https://github.com/w3c/data-shapes/commits/gh-pages/shacl/index.html">Git repository</a>.
5233
5234
</p>
5234
5235
<ul>
5236
+
<li><b>2017-04-28</b>: Improvements to SHACL-SPARQL handling in the (informative) Security appendix (see <ahref="https://github.com/w3c/data-shapes/issues/73">Issue #73</a>).</li>
5235
5237
<li><b>2017-04-23</b>: Clarified that values of sh:message are copied into sh:resultMessage (see <ahref="https://github.com/w3c/data-shapes/issues/57">Issue #57</a>).</li>
5236
5238
<li><b>2017-04-23</b>: Added some exclusions on SPARQL queries handled by pre-binding, see <ahref="https://www.w3.org/2017/04/19-shapes-minutes.html#item02">WG decision</a>.</li>
5237
5239
<li><b>2017-04-20</b>: Clarified that sh:property always produces new validation result nodes, see <ahref="https://www.w3.org/2017/04/19-shapes-minutes.html#item01">WG decision</a>.</li>
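Review bot: the new 2017-04-28 entry says only "Improvements to SHACL-SPARQL handling", which does not tell a reader what changed, whereas the neighbouring entries state the clarification itself. Suggest naming the two changes made in this commit: the reference to the SPARQL security issues, and the note that SERVICE can lead to denial of service when a processor issues many requests. "SHACL-SPARQL handling" also reads like a processing change, while the edit touches only informative security text, so wording such as "Extended the SHACL-SPARQL discussion in the (informative) Security appendix" would be less ambiguous.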