Hello Herman,

There are all sorts of security tweaks, but there is no built-in tagging
of data strings as safe/unsafe, if that is what you mean. The reason is
that you don't have to form SQL strings by concatenating parts of
different origin and worry about escaping constants; you have the whole
procedure language available in every dynamic web page, with parameter
passing of all sorts. Thus the best way to get string escaping right (or
wrong) is to eliminate the need for escaping at all :)


A separate issue exists in the protection of 3rd parties: an application
may compose a URL that points to them and contains SQL injections stored
previously by an attacker in his application data. In this respect
Virtuoso is neither better nor worse than any other server, because no
automatic protection is possible.

Best Regards,

Ivan Mikhailov
OpenLink Software
http://virtuoso.openlinksw.com

On Sun, 2011-04-17 at 23:09 -0300, Herman A. Junge wrote:
> Hi,
> 
> 
> Does Virtuoso have built-in protection against SQL / SPARQL
> Injections?
> 
> 
> Herman A. Junge
> neoSource, SCL
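
The point of the reply above, that passing user input as a query parameter removes the need for escaping, while any later step that re-concatenates stored data into a query reopens the hole, is shown below as an added example. It is not code from the thread or from Virtuoso; it uses Python's bundled sqlite3 module as a stand-in for a Virtuoso ODBC/JDBC connection (the parameter-marker mechanism is the same in spirit), and the `users` table, the sample rows and the payload string are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data; sqlite3 stands in for a Virtuoso connection.
USERS = [("alice", "alice@example.org"), ("bob", "bob@example.org")]


def make_db():
    """Create an in-memory table with two known rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_concat(conn, name):
    """Vulnerable: the caller's string becomes part of the SQL text,
    so quote characters in it are parsed as SQL, not as data."""
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, name):
    """Safe: the string travels as a bound parameter and is compared
    verbatim; no escaping step exists that could be done wrong."""
    rows = conn.execute("SELECT email FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def store_param(conn, name, email):
    """Insert through parameters: any string, quotes included, is stored
    as-is. Storing it is safe; what later code does with it may not be."""
    conn.execute("INSERT INTO users VALUES (?, ?)", (name, email))
    conn.commit()


def second_order_demo(conn, payload, email):
    """Store an attacker-chosen name safely, then read it back two ways.
    The parameterised lookup matches only the literal stored string; the
    concatenating lookup re-parses that stored string as SQL and leaks
    every row, which is the 'previously stored injection' case."""
    store_param(conn, payload, email)
    return lookup_param(conn, payload), lookup_concat(conn, payload)


if __name__ == "__main__":
    db = make_db()
    tautology = "x' OR '1'='1"
    print("concat, normal name :", lookup_concat(db, "alice"))
    print("concat, payload     :", lookup_concat(db, tautology))
    print("param,  payload     :", lookup_param(db, tautology))
    print("second order        :", second_order_demo(db, tautology, "mallory@example.org"))
```

Running it shows `lookup_param` returning an empty list for the tautology payload while `lookup_concat` returns every e-mail, and after the payload is stored as a legitimate-looking name, the concatenating reader leaks all rows even though the write itself was parameterised.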
