Update SPARQL DDoS ed note #107
Conversation
|
I agree with the note, except for this part "or complexity of queries". I think that the complexity of a query should not be considered as a security thread. Maybe can we remove this part? |
|
Complexity of queries is a security threat because it can be used for a DDoS attack, e.g. submitting a query that takes a pathological amount of time to complete to tie up the server. This is also applicable to JSONpath to some extent. So it applies to all query types, not just SPARQL, so we can cover it under "Security and Privacy Considerations" where mitigations can be mentioned (e.g. watchdog timers). |
|
To Do: move DDoS discussion and mitigation to "Security and Privacy Considerations". See also w3c/wot-security#196 which will be discussed in the WoT Security meeting, so it would be good to mention possible security concerns there. |
move DDoS to security and privacy consideration section
add header to fix rendering
|
Updated to move DDoS discussion to S&PC section. Other considerations should be added later. |
Tweak ed note; please check
Preview | Diff