Uploaded image for project: 'TinkerPop'
  1. TinkerPop
  2. TINKERPOP-2190

Document Gremlin sanitization best practices

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Done
    • Affects Version/s: 3.3.6, 3.4.1
    • Fix Version/s: 3.4.2
    • Component/s: documentation
    • Labels:
      None

      Description

      We already have docs on how to prevent arbitrary code execution through the script engine, but nothing yet about injections in Gremlin, basically the equivalent of SQL injections.
      I wrote a post on Stack Overflow on this topic which we can use as a basis here.
      Possible topics include:

      • Difference between GLVs and Gremlin scripts
      • Demonstrate when and how injections can occur
      • How to prevent injections

      This could either be added as an implementation recipe or as a sub section for Gremlin Server security.

        Attachments

          Activity

            People

            • Assignee:
              spmallette Stephen Mallette
              Reporter:
              Florian Hockmann Florian Hockmann
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: