[teiid-issues] [JBoss JIRA] Commented: (TEIID-950) Add ability to control access to environment variables
Ramesh Reddy (JIRA)
jira-events at lists.jboss.org
Mon Oct 11 15:41:39 EDT 2010
[ https://jira.jboss.org/browse/TEIID-950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12556402#action_12556402 ]
Ramesh Reddy commented on TEIID-950:
------------------------------------
I am half way through it, but I was trying to get rid of the static nature of loading the system function library, so that we can control through the config. So, there are lot classes it was touching testing wise. Trivial in nature, nevertheless if have done it already that is fine, I can back out my changes.
> Add ability to control access to environment variables
> ------------------------------------------------------
>
> Key: TEIID-950
> URL: https://jira.jboss.org/browse/TEIID-950
> Project: Teiid
> Issue Type: Quality Risk
> Components: Query Engine
> Environment: Found by client on MMx 502, tested and found issue present through 551.
> Reporter: Marc Shirley
> Assignee: Ramesh Reddy
> Fix For: 7.2
>
>
> SELECT ENV('os.name') || ' ' || ENV('os.version') || ' ' || ENV('java.home') returns the details of the server, which from the client perspective is a security risk. This information is even visible by a user with no access to any tables. Client is looking to have this disabled, or have the ability to disable it.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the teiid-issues
mailing list