[
https://jira.jboss.org/browse/TEIID-950?page=com.atlassian.jira.plugin.sy...
]
Ramesh Reddy resolved TEIID-950.
--------------------------------
Resolution: Done
By default disabled the "ENV" system function. Added new "SESSION_ID"
system function to retrieve the session information of the executing user. Removed the
static nature of loading the system functions to enable the configuration controlled
loading of the functions.
Add ability to control access to environment variables
------------------------------------------------------
Key: TEIID-950
URL:
https://jira.jboss.org/browse/TEIID-950
Project: Teiid
Issue Type: Quality Risk
Components: Query Engine
Environment: Found by client on MMx 502, tested and found issue present through
551.
Reporter: Marc Shirley
Assignee: Ramesh Reddy
Fix For: 7.1.1, 7.2
SELECT ENV('os.name') || ' ' || ENV('os.version') || ' '
|| ENV('java.home') returns the details of the server, which from the client
perspective is a security risk. This information is even visible by a user with no access
to any tables. Client is looking to have this disabled, or have the ability to disable
it.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira