Details
- Improvement
- Status: Closed
- Minor
- Resolution: Done
- 3.3.6, 3.4.1
- None
Description
We already have docs on how to prevent arbitrary code execution through the script engine, but nothing yet about injections in Gremlin, basically the equivalent of SQL injections.
I wrote a post on Stack Overflow on this topic which we can use as a basis here.
Possible topics include:
- Difference between GLVs and Gremlin scripts
- Demonstrate when and how injections can occur
- How to prevent injections
This could either be added as an implementation recipe or as a subsection for Gremlin Server security.
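An added illustration of the topic this ticket proposes to document, not part of the ticket or of the TinkerPop docs: a Gremlin script built by string concatenation next to the same query sent as constant script text plus a parameter binding. It runs offline. The function names, the `pName` binding and the sample inputs are constructed for this example, and the literal scanner handles only single-quoted strings.

```python
# Added example (constructed); function and binding names are hypothetical.

def script_by_concatenation(name):
    """Vulnerable pattern: user input is pasted into the Gremlin script text."""
    return "g.V().has('person', 'name', '" + name + "').values('age')", {}


def script_with_bindings(name):
    """Hardened pattern: constant script text, the value travels as a binding.

    With gremlin-python this pair would be passed to Client.submit(script, bindings).
    """
    return "g.V().has('person', 'name', pName).values('age')", {"pName": name}


def code_skeleton(script):
    """Blank out the contents of single-quoted literals, leaving the part the
    script engine parses as code. Single-quoted strings only, which is enough
    for the constructed scripts in this example."""
    out, in_str, i = [], False, 0
    while i < len(script):
        ch = script[i]
        if in_str and ch == "\\":
            i += 2  # skip an escaped character inside a literal
            continue
        if ch == "'":
            in_str = not in_str
            out.append(ch)
        elif not in_str:
            out.append(ch)
        i += 1
    return "".join(out)


def input_changes_code(build, benign, candidate):
    """True when the candidate input alters the code skeleton of the script."""
    return code_skeleton(build(benign)[0]) != code_skeleton(build(candidate)[0])


if __name__ == "__main__":
    # Constructed inputs: a plain name, a legitimate name with an apostrophe,
    # and a value that closes the literal and appends a second statement.
    for value in ("marko", "O'Brien", "x').count(); g.V().has('name', 'y"):
        for build in (script_by_concatenation, script_with_bindings):
            script, bindings = build(value)
            changed = input_changes_code(build, "marko", value)
            print(f"{build.__name__:24} changed={changed!s:5} {script} {bindings}")
```

Even the legitimate name `O'Brien` changes the parsed code in the concatenated variant, which makes an apostrophe in test data a cheap regression check for this class of bug.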