From 67f3c95ca9ef64c5ff115d99afe129f8cb45fd22 Mon Sep 17 00:00:00 2001
From: flange <38500-flange@users.noreply.git.rwth-aachen.de>
Date: Thu, 20 Mar 2025 11:30:32 +0100
Subject: [PATCH] use the read-only query endpoint for SPARQL queries document
 separation of query and data manipulation interfaces

---
 project/dalia/query/utils.py | 2 +-
 security.md                  | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/project/dalia/query/utils.py b/project/dalia/query/utils.py
index 1808beb..8aa45f7 100644
--- a/project/dalia/query/utils.py
+++ b/project/dalia/query/utils.py
@@ -30,7 +30,7 @@ def query_dataset(dataset: Dataset, query: str) -> Result:
 
 # TODO: find out whether we can use one and the same SPARQLStore object for all (parallel) queries
 def _get_sparql_store(dataset: Dataset) -> SPARQLStore:
-    return SPARQLStore(query_endpoint=f"{_get_triplestore_endpoint_from_settings()}{dataset.value}")
+    return SPARQLStore(query_endpoint=f"{_get_triplestore_endpoint_from_settings()}{dataset.value}/query")
 
 
 def _get_triplestore_endpoint_from_settings() -> str:
diff --git a/security.md b/security.md
index 8132cdc..c855610 100644
--- a/security.md
+++ b/security.md
@@ -56,3 +56,7 @@ Our business logic uses a [query builder](https://git.rwth-aachen.de/dalia/backe
 #### URIs
 
 `URIRef`'s [`n3()` method](https://rdflib.readthedocs.io/en/stable/apidocs/rdflib.html#rdflib.term.URIRef.n3) tests for [invalid characters](https://github.com/RDFLib/rdflib/blob/main/rdflib/term.py#L101-L108) in the URI and raises an exception upon detection.
+
+### Separation of query and data manipulation interfaces
+
+[DALIA's Fuseki triplestore](https://git.rwth-aachen.de/dalia/backend/fuseki) offers separate HTTP endpoints that support different protocols from the SPARQL protocol family (SPARQL query, SPARQL/Update (SPARUL) and the Graph Store HTTP Protocol (GSP)). Requests that concern querying data should be sent to the read-only endpoints (SPARQL query, GSP read) and requests that concern data manipulation should be sent to the write endpoints (SPARUL and GSP write).
-- 
GitLab