Hi Gang Fu,
On 06-Feb-15 4:29 PM, Gang Fu wrote: > Hi Rumi, > > I totally understand your point. My quesiton is about the 'vsp_user' > or called 'vsp_host' used to expose the sparql endpoint. Our system > security team has concern about the 'vsp_user', they are not sure what > is used for, and how to configure it. Basically, they are not familiar > with 'vsp'. I cannot explain well to them, and they want to audit the > user permission for /sparql endpoint. I have explained that the > default user for /sparql endpoint is 'SPARLQ' and it is read-only. But > there is no way to audit that, if later some configuration is changed, > they want to know whether the endpoint is still read-only... > > I found the system table 'http_path' tells you the 'vsp_host' for > 'lpath', but not the user and user role... > Think about virtuoso services and active pages (VSP) as a stored procedure which they actually are. The virtual directory executes a service or VSP page on behalf of vsp_user setting on the virtual directory. That not exactly mean page will do all the things as vsp_user since code can use set_user_id () to switch user. This is the case for /sparql endpoint, if that service see connection setting called SPARQLUserId (please check code an authentication hook) will switch the user if not such setting by default will use ’SPARQL’ user. Best Regards, Rumi Kocis ------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Virtuoso-users mailing list Virtuoso-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/virtuoso-users
