[JBoss JIRA] Commented: (TEIID-950) Add ability to control access to environment variables

Monday, 11 October 2010

    [
https://jira.jboss.org/browse/TEIID-950?page=com.atlassian.jira.plugin.sy...
] 

Ramesh Reddy commented on TEIID-950:
------------------------------------

I am half way through it, but I was trying to get rid of the static nature of loading the
system function library, so that we can control through the config. So, there are lot
classes it was touching testing wise. Trivial in nature, nevertheless if have done it
already that is fine, I can back out my changes.

...
 Add ability to control access to environment variables
 ------------------------------------------------------

                 Key: TEIID-950
                 URL: https://jira.jboss.org/browse/TEIID-950
             Project: Teiid
          Issue Type: Quality Risk
          Components: Query Engine
         Environment: Found by client on MMx 502, tested and found issue present through
551.
            Reporter: Marc Shirley
            Assignee: Ramesh Reddy
             Fix For: 7.2

 SELECT ENV('os.name') || ' ' || ENV('os.version') || ' '
|| ENV('java.home')  returns the details of the server, which from the client
perspective is a security risk.  This information is even visible by a user with no access
to any tables.  Client is looking to have this disabled, or have the ability to disable
it. 
-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009