[TINKERPOP-2190] Document Gremlin sanitization best practices - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Done
Affects Version/s: 3.3.6, 3.4.1
Fix Version/s: 3.4.2
Component/s: documentation
Labels:
None

Description

We already have docs on how to prevent arbitrary code execution through the script engine, but nothing yet about injections in Gremlin, basically the equivalent of SQL injections.
I wrote a post on Stack Overflow on this topic which we can use as a basis here.
Possible topics include:

Difference between GLVs and Gremlin scripts
Demonstrate when and how injections can occur
How to prevent injections

This could either be added as an implementation recipe or as a sub section for Gremlin Server security.

Attachments

Activity

People

Assignee:: Stephen Mallette

Reporter:: Florian Hockmann

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 02/Apr/19 16:03

Updated:: 14/May/19 10:22

Resolved:: 13/May/19 15:59