[ https://issues.apache.org/jira/browse/TINKERPOP-2190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
stephen mallette closed TINKERPOP-2190.
---------------------------------------
       Resolution: Done
         Assignee: stephen mallette
    Fix Version/s: 3.4.2

Updated docs to provide information on Gremlin injection - https://github.com/apache/tinkerpop/commit/dfca86c35c6d0d5c9d332aaa559cc25ea561b803

> Document Gremlin sanitization best practices
> --------------------------------------------
>
>                 Key: TINKERPOP-2190
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2190
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: documentation
>    Affects Versions: 3.3.6, 3.4.1
>            Reporter: Florian Hockmann
>            Assignee: stephen mallette
>            Priority: Minor
>             Fix For: 3.4.2
>
>
> We already have docs on how to prevent arbitrary code execution through the
> script engine, but nothing yet about injections in Gremlin, basically the
> equivalent of SQL injections.
> I wrote [a post on Stack
> Overflow|https://stackoverflow.com/questions/44473303/how-to-prevent-gremlin-injection-in-c/44538936#44538936]
> on this topic which we can use as a basis here.
> Possible topics include:
> * Difference between GLVs and Gremlin scripts
> * Demonstrate when and how injections can occur
> * How to prevent injections
> This could either be added as an [implementation
> recipe|http://tinkerpop.apache.org/docs/current/recipes/#_implementation_recipes]
> or as a subsection for [Gremlin Server
> security|http://tinkerpop.apache.org/docs/current/reference/#security].
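
Added example, not part of the issue or of the TinkerPop documentation: a Python sketch of the script-based case the issue compares to SQL injection, showing a Gremlin Server `eval` request built by string concatenation beside one that keeps the script text constant and passes the value as a binding. The request bodies are simplified (no `requestId`), and the `person`/`name` keys, the `personName` binding and the sample names are assumptions constructed for illustration.

```python
import json

# Constructed sample inputs (not from the issue): one ordinary value and one
# containing a quote character, which is enough to end a Groovy string literal.
SAMPLE_NAMES = ["marko", "O'Brien"]


def eval_request_concatenated(name):
    """Script request with user input spliced into the Gremlin text (the risky form)."""
    return {
        "op": "eval",
        "args": {"gremlin": "g.V().has('person', 'name', '" + name + "')"},
    }


def eval_request_parameterized(name):
    """Script request with constant Gremlin text; the input travels as a binding."""
    return {
        "op": "eval",
        "args": {
            "gremlin": "g.V().has('person', 'name', personName)",
            "bindings": {"personName": name},
        },
    }


def distinct_scripts(build, names):
    """Return the set of script texts the server would be asked to compile."""
    return {build(n)["args"]["gremlin"] for n in names}


def unbalanced_quotes(script):
    """Crude check: an odd number of single quotes means a literal was broken."""
    return script.count("'") % 2 == 1


if __name__ == "__main__":
    for build in (eval_request_concatenated, eval_request_parameterized):
        for name in SAMPLE_NAMES:
            request = build(name)
            broken = unbalanced_quotes(request["args"]["gremlin"])
            print(build.__name__, "literal broken:", broken)
            print("  ", json.dumps(request))
```

With concatenation the script text changes with every input and a single quote in the data already alters how the script parses; with bindings the server always compiles the same script and the value is never parsed as Gremlin.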