[teiid-issues] [JBoss JIRA] Commented: (TEIID-950) Add ability to control access to environment variables

[Steven Hawkins (JIRA)]

    [ https://jira.jboss.org/browse/TEIID-950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12556518#action_12556518 ] 

Steven Hawkins commented on TEIID-950:
--------------------------------------

Sorry for the delayed reply.  You can keep going.  I had just copped out on the static configuration part and was using a system property.

> Add ability to control access to environment variables
> ------------------------------------------------------
>
>                 Key: TEIID-950
>                 URL: https://jira.jboss.org/browse/TEIID-950
>             Project: Teiid
>          Issue Type: Quality Risk
>          Components: Query Engine
>         Environment: Found by client on MMx 502, tested and found issue present through 551.
>            Reporter: Marc Shirley
>            Assignee: Ramesh Reddy
>             Fix For: 7.2
>
>
> SELECT ENV('os.name') || ' ' || ENV('os.version') || ' ' || ENV('java.home')  returns the details of the server, which from the client perspective is a security risk.  This information is even visible by a user with no access to any tables.  Client is looking to have this disabled, or have the ability to disable it.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira