[
https://jira.jboss.org/browse/TEIID-950?page=com.atlassian.jira.plugin.sy...
]
Steven Hawkins commented on TEIID-950:
--------------------------------------
ENV('sessionid') returned the session id string. Presumably it was mainly for
reporting. "SELECT ENV('sessionid'), ... " so that the client could
record the id along with the results. There was little the user could do with it on the
server side.
Add ability to control access to environment variables
------------------------------------------------------
Key: TEIID-950
URL:
https://jira.jboss.org/browse/TEIID-950
Project: Teiid
Issue Type: Quality Risk
Components: Query Engine
Environment: Found by client on MMx 502, tested and found issue present through
551.
Reporter: Marc Shirley
Fix For: 7.2
SELECT ENV('os.name') || ' ' || ENV('os.version') || ' '
|| ENV('java.home') returns the details of the server, which from the client
perspective is a security risk. This information is even visible by a user with no access
to any tables. Client is looking to have this disabled, or have the ability to disable
it.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira