Hi Gang Fu,
On 03-Feb-15 1:15 PM, Gang Fu wrote:
> Hi,
> I am using function vhost_define() to expose a read-only sparql endpoint
> through another port (different from 8890) for security concerns.
> I have two questions:
> 1) how can I expose a sparql endpoint using an account other than 'dba'.
> I have tried using vsp_user=>'SPARQL', but I got a '404 cannot
> access' error when I tried the url. I also set the opts->(executable,
> 'yes'), this option seems to allow any vsp user to have execute
> permission, but it still does not work. I also tried to set user
> 'SPARQL' to administrator role, but it still does not work....

Please try the steps from this guide: "Secure SPARQL Endpoint via SQL
Accounts -- usage path digest authentication"
Link:
http://virtuoso.openlinksw.com/dataspace/doc/dav/wiki/Main/VirtSPARQLProtectSQLDigestAuthentication
Related:
-- Securing SPARQL endpoints:
http://virtuoso.openlinksw.com/dataspace/doc/dav/wiki/Main/VirtTipsAndTricksGuideSPARQLEndpoints
-- Securing your SPARQL Endpoint via OAuth:
http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtOAuthSPARQL
-- Securing your SPARQL Endpoint via WebID:
http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSPARQLSecurityWebID

> 2) how can I know and configure the user account to use '/sparql'
> endpoint by default. The system table 'DB.DBA.HTTP_PATH' only shows
> that the vsp_user is 'dba', but it does not show the default user of
> that endpoint is 'SPARQL' (ID=106). The documentation says the user is
> 'SPARQL' for both '/sparql' and '/sparql-graph-crud', but I cannot
> find any system table for that. Our system team wants to audit that
> information.

The name 'SPARQL' is a constant in the code of the SPARQL web service
endpoint pages ( /sparql and /sparql-auth ).
Another name can be used if the authentication function sets the connection
variable 'SPARQLUserId' to that name, for example, by placing inside the
authentication call:

    connection_set ('SPARQLUserId', 'SOME_USER_NAME');

What you could try is to grant more roles to the user if needed, such as
SPARQL_LOAD_SERVICE_DATA or SPARQL_UPDATE, by granting directly to the
user or, better, to SPARQL_SELECT, since the endpoint page will require
that the user is a member of the SPARQL_SELECT group -- that's the minimal
practical permission, however one can grant more permissions.

Best Regards,
Rumi Kocis

> Best,
> Gang
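
The approach described in the reply above, as an added example that is not part of the original thread and is not OpenLink's own code: a dedicated low-privilege account, an authentication hook that sets 'SPARQLUserId', a listener on a separate port, and a query over DB.DBA.HTTP_PATH for the audit. The account name RO_SPARQL, the procedure name RO_SPARQL_AUTH, the host and port localhost:8891 and the password placeholder are assumptions, as is the hook being invoked for every request to the path; the hook checks no credentials, so it fits only an endpoint that is meant to be anonymous and read-only.

```sql
-- Added example; RO_SPARQL, RO_SPARQL_AUTH and port 8891 are hypothetical.

-- 1. Dedicated account holding only the minimal role named in the reply.
--    No SPARQL_UPDATE or SPARQL_LOAD_SERVICE_DATA is granted, so queries
--    run through this account stay read-only.
DB.DBA.USER_CREATE ('RO_SPARQL', '<placeholder-password>');
GRANT SPARQL_SELECT TO "RO_SPARQL";

-- 2. Authentication hook: tells the endpoint page which account to run
--    queries as, instead of the built-in constant 'SPARQL'.
CREATE PROCEDURE DB.DBA.RO_SPARQL_AUTH (IN realm VARCHAR)
{
  connection_set ('SPARQLUserId', 'RO_SPARQL');
  RETURN 1;   -- 1 = let the request through (anonymous endpoint)
}
;

-- 3. Listener on a separate port, mapped to the built-in endpoint page.
--    vsp_user stays 'dba', matching what HTTP_PATH shows for /sparql;
--    the effective query account comes from the hook above.
DB.DBA.VHOST_DEFINE (
  lhost    => ':8891',
  vhost    => 'localhost:8891',
  lpath    => '/sparql',
  ppath    => '/!sparql/',
  is_dav   => 1,
  vsp_user => 'dba',
  auth_fn  => 'DB.DBA.RO_SPARQL_AUTH',
  realm    => 'SPARQL',
  opts     => vector ('noinherit', 1)
);

-- 4. Audit: every listener/path that serves the SPARQL page, with its
--    VSP account and authentication hook. A row with no hook falls back
--    to the constant 'SPARQL' account described in the reply.
SELECT HP_LISTEN_HOST, HP_LPATH, HP_RUN_VSP_AS, HP_AUTH_FUNC
  FROM DB.DBA.HTTP_PATH
 WHERE HP_PPATH = '/!sparql/';
```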
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Virtuoso-users mailing list
Virtuoso-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/virtuoso-users