[teiid-issues] [JBoss JIRA] Commented: (TEIID-950) Add ability to control access to environment variables
Ramesh Reddy (JIRA)
jira-events at lists.jboss.org
Tue Oct 12 09:47:39 EDT 2010
[ https://jira.jboss.org/browse/TEIID-950?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12556528#action_12556528 ]
Ramesh Reddy commented on TEIID-950:
------------------------------------
Fix for 7.1.1 ok?
> Add ability to control access to environment variables
> ------------------------------------------------------
>
> Key: TEIID-950
> URL: https://jira.jboss.org/browse/TEIID-950
> Project: Teiid
> Issue Type: Quality Risk
> Components: Query Engine
> Environment: Found by client on MMx 502, tested and found issue present through 551.
> Reporter: Marc Shirley
> Assignee: Ramesh Reddy
> Fix For: 7.2
>
>
> SELECT ENV('os.name') || ' ' || ENV('os.version') || ' ' || ENV('java.home') returns the details of the server, which from the client perspective is a security risk. This information is even visible by a user with no access to any tables. Client is looking to have this disabled, or have the ability to disable it.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the teiid-issues
mailing list