Page MenuHomePhabricator

Security review for Wikidata Query Service code before deploying to production hardware
Closed, ResolvedPublic

Description

Discovery has a Q1 goal to have Wikidata Query Service running on production hardware in a test mode. The code needs a security review before that can happen.

Event Timeline

ksmith raised the priority of this task from to Needs Triage.
ksmith updated the task description. (Show Details)
ksmith added a subscriber: ksmith.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 8 2015, 5:23 PM
Legoktm set Security to None.
Legoktm added a subscriber: Legoktm.

Any ideas on who can do this?

@csteipp: Will you be able to coordinate this?

Yes, I'll be doing the review.

Who on S&D is primarily working on this piece?

Can I get a link to the existing design docs and code so I can do an initial scoping? After that, I'd like to meet with the people working on this to make sure we have a dataflow diagram and threat model filled in for both this and blazegraph.

Smalyshev added a comment.EditedJul 13 2015, 4:57 PM

Who on S&D is primarily working on this piece?

That would be me. The code is here: https://github.com/wikimedia/wikidata-query-rdf/
The docs are here: https://www.mediawiki.org/wiki/Wikibase/Indexing and https://www.mediawiki.org/wiki/Wikidata_query_service but there's a lot of info that is not relevant anymore there so if you need some specific info I'd be glad to provide more specific pointers.

Deskana closed this task as Resolved.Aug 24 2015, 10:13 PM
Deskana claimed this task.
Deskana added a subscriber: Deskana.

This was waiting on T90115, and given that that is now resolved, so is this. :-)